Search Results

Search found 13810 results on 553 pages for 'security roles'.

Page 376/553 | < Previous Page | 372 373 374 375 376 377 378 379 380 381 382 383  | Next Page >

• Thoughts on Apache log file sizes?

  - by Nathan Long

  Do you place any limits on the size of Apache log files - access.log and error.log? Specifically, can you give: Reasons to limit log file sizes Disk space Any other? Reasons NOT to limit log file sizes Research into performance issues or security breaches Any other? Methods of doing so Cron job that periodically deletes the file, or the first N lines? Any other? Anything you might salvage before deleting For example, grep out how many times a file was downloaded before deleting the access logs I'd like get the thoughts of experienced sysadmins before I do anything. (Marking as community wiki since this may be a matter of opinion.)

  Read the article

• Linux Bridge, Samba netbios name/hostname access

  - by Christopher Wilson

  I am currently running a linux bridge in the following configuration ADSL Modem: 192.168.1.1 Linux Bridge: eth0: 192.168.1.2 eth1: no address Wireless Router: 192.168.0.1 My issue is that i cannot access the "Linux Bridge" shares using the WINS name of the server via client systems (yes i understand it is a transparent bridge but i can access it via the 192.168.1.2 address this is not on the same subnet as the client systems). This is the global section of my SMB.CONF [global] unix extensions = off os level = 20 netbios name = server guest account = nobody server string = 447 Server security = share #unix extensions = no #wins support = yes #wins server = 192.168.0.1 name resolve order = wins lmhosts hosts bcast interfaces bridge1 eth0 eth1 lo bind interfaces only = yes Can i access a bridged server using it's WINS name to access samba shares? Cheers Chris

  Read the article

• PHP + IIS Application Pool Identity Windows\Temp permissions

  - by Matt Boothman

  I am currently running PHP (5.3) on IIS 7.5 on a Win2k8 R2 Web Edition Server and would like to know what, if any, problems or security vulnerabilities I may introduct into a system by assigning Read, Write, Modify & Execute permissions to either IUSR account or the IIS_USERS group for %SystemRoot%\Temp? Should I be altering permissions to that folder at all (as Windows reminds me I probably shouldn't when i attempt to change them)? Should I create a temp folder somewhere else and set permissions accordingly? The problem is when i set Anonymous Authentication (I'm guessing is a more secure option???) to use the App Pool identity, when starting sessions PHP gets stuck in a loop because it's unable to create session files in the %SystemRoot%\Temp folder due to lack of permission on the application pool user or IIS_USERS group. Another problem being ImageMagick (PHP Extension) is being denied access to %SystemRoot%\Temp to write temporary files so is throwing exceptions. I have tried searching Google however have not found anything that touches upon this subject specifically. Any help greatly appreciated.

  Read the article

• New Exchange 2010 CAS cannot find domain controllers

  - by NorbyTheGeek

  I am experiencing problems migrating from Exchange 2003 to Exchange 2010. I am on the first step: installing a new 2010 Client Access Server role. The Active Directory domain functional level is 2003. All domain controllers are 2003 R2. The only existing Exchange 2003 server happens to be housed on one of the domain controllers. It is running Exchange 2003 Standard w/ SP2. IPv6 is enabled and working on all domain controllers, servers, and routers, including this new Exchange server. After installing the CAS role on a new 2008 R2 server (Hyper-V VM) I am receiving 2114 Events: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1600). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers. Prior to each, I receive the following 2080 Event: Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1600). Exchange Active Directory Provider has discovered the following servers with the following characteristics: (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) In-site: b.company.intranet CDG 1 0 0 1 0 0 0 0 0 s.company.intranet CDG 1 0 0 1 0 0 0 0 0 Out-of-site: a.company.intranet CD- 1 0 0 0 0 0 0 0 0 o.company.intranet CD- 1 0 0 0 0 0 0 0 0 g.company.intranet CD- 1 0 0 0 0 0 0 0 0 Connectivity between the new Exchange server and all domain controllers via IPv4 and IPv6 are all working. I have verified that the new Exchange server is a member of the following groups: Exchange Servers Exchange Domain Servers Exchange Install Domain Servers Exchange Trusted Subsystem Heck, I even put the new Exchange server into Domain Admins just to see if it would help. It didn't. I can't find any evidence of Active Directory replication problems, all pre-setup Setup tasks (/PrepareLegacyExchangePermissions, /PrepareSchema, /PrepareAD, /PrepareDomain) completed successfully. The only problem so far that I haven't been able to resolve with my Active Directory is I am unable to get my IPv6 subnets into Sites and Services Where should I proceed from here?

  Read the article

• reverse proxy only from one internal server

  - by hrost

  I have configured a reverse proxy and is working ok for one internal server, for example our mail server. Now, I like to know if it is possible to configure a reverse proxy for only one server /application (in this case our web intranet). Our problem is Intranet call another aplication inside same intranet server and another internal servers, and the only way that I know to publish this resources is make a reverse proxy in our dmz apache for all apllications servers, but I like that from our DMZ reverse apache only intranet will be called, and other applications will be called by intranet server, and not reverse proxy. I like to configure with this system for security reason, and only allow external access to one server. I have configured With Debian Squeeze and apache 2.2 It is possible? How?

  Read the article

• Connect to MySQL EC2 Instance outside of VPC

  - by Brian W

  I have a VPC setup with a few EC2 instances inside. I'm attempting to connect to a MySQL database on an EC2 instance outside the VPC, with no luck. I have the security groups on the VPC EC2 instances set to outbound 0.0.0.0/0 which I assumed would let it connect to any outbound connection. I also followed a tutorial on creating a NAT, but wasn't exactly sure how to use it to connect to an external database. In any case, if anyone has experience and knows the proper way to connect to a database outside the VPC, it would be greatly appreciated!

  Read the article

• How can I prevent Ask.com Toolbar from being installed every time Java is updated?

  - by abstrask

  As many are painfully aware of, Oracle continues to not only bundle the Java installation with the useless Internet browser toolbar from Ask.com, but also enable its installation by default. In addition to the toolbar, Ask also replaces your favourite search engine in your browser with Ask. Furthermore, the Java installation goes as far as to actually recommend installing this useless junk, meaning that any non IT-savvy person is more than likely to leave it checked and install it (after all, it was enabled by default and the friendly Java installer did recommend it, right?). To add insult to injury, even if you remove the Ask Toolbar, you can be sure to see it again soon, when the next Java update hits you (which seem to happen quite often lately, due to loads of security fixes for Java, but that's another story). I'll duly remove the check-mark to install Ask Toolbar, whenever I update Java, but when supporting my family and friends, it's obvious they don't. How can I prevent the pesky Ask.com Toolbar from being installed in the first place?

  Read the article

• lamp server permissions on development server

  - by user101289

  I run a LAMP server on a ubuntu laptop I use only for development. I am not greatly concerned with security, since the server is never accessible outside the local network, and it's turned off when I'm not using it. My question is what is the simplest and 'best' way to set permissions/users/groups so that when my myself user creates, edits or writes files in the webroot, I won't need to go through and CHMOD / CHOWN everything back to the www-data user? Should I add myself to the www-data group? Or chown the webroot to www-data:myself? Or is there a best practice for this situation so I don't have to keep re-setting the ownership of these files? Thanks

  Read the article

• Why is my ethernet interface in promiscuous mode

  - by nhed

  I read that seeing a flag of M in netstat -i is the way to tell which of your interfaces is in promiscuous mode I run it and I see that eth1 is in promiscuous mode $ netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth1 1500 0 1770161198 0 0 0 57446481 0 0 0 BMRU lo 16436 0 97501566 0 0 0 97501566 0 0 0 LRU This seems to be the case on all the machines I checked (All Centos6.0, both virtual and physical), any idea why ethernet devices would be in such a mode unless someone was running any pcap based app (sudo lsof | grep pcap shows nothing)? I did not see any mention of promiscuous in any of the config files (sudo grep -r promis /etc) Any ideas what puts the interface into that mode and why? p.s. most of the posts I see seem to be security related, this is not that

  Read the article

• Scheduled task username changed

  - by Ernst

  I posted this originally on stack overflow where I was told I should ask it here: Hi, I created a user on our exchange server, but later changed the username. Now, when I create a scheduled task for that user, and change it's settings (run only when logged on), the username is automatically changed back to the old username. What's causing this and how do I make sure the correct, new username is used for the task (otherwise it won't run), security settings are okay. I did already log in with a different user to delete the profile on the computer and tried again with this user to no avail. The OS is windows xp, the exchange server is on windows server 2003. Thanks

  Read the article

• How do I install and run Tomcat on port 80 as my only web server? (Rooted Ubuntu box)

  - by gav

  Hi All, tl;dr - I have a rooted linux box that I want to run tomcat on as a server (No Apache Web Server) how would you set this up avoiding common security pitfalls? I've written a Grails App that I want to run on a VPS I rent. The VPS has very little memory and I am using it for the sole purpose of running this application so I don't need the apache web server. This is my first venture into Server administration and I'm sure to fall into some well known traps. Should I use iptables to redirect requests from port 80 to 8080? Should I run tomcat as root or as it's own user? What configuration settings would be good for a low memory system expecting less than 10 concurrent users? Hopefully an easy one for you! Anyone who could link to a tutorial would be a personal hero destined for great things no doubt. Gav

  Read the article

• Detect damage done by virus

  - by user38471

  Hey, this morning after I went to college a virus infected my pc without any user interaction at my end. When I came home my computer was completely frozen and infected with lots of trojans. I have not typed anything important since returning so keys cannot be logged. However I want to know exactly when my computer crashed from the time of infection to see what could potentially be done remotely by a hacker. The virus my pc was diagonosed with was "fakespypro" http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fFakeSpypro on a fully updated windows 7 installation with firewall enabled. My computer was connected to an internal dorm room network, so probably that has had to do something with it. Any further information about how I could backtrace this virus infection or ways to discover what data might be stolen would be greatly appriciated.

  Read the article

• Is there any danger in disabling windows firewall on a azure worker role?

  - by NullReference

  I'm trying to troubleshoot a bug on our Azure worker role where we occasionally get the error "Unable to read data from the transport connection: An established connection was aborted by the software in your host machine". This error occurs when we are connecting to outside resources like google auth servers. A few people have recommended disabling the firewall\antivirus on the server. I'm just wondering what kind of security risk we would take by doing this. The server doesn't have iis installed but would it be vulnerable to hacking without the firewall? Thanks

  Read the article

• diagnostic software for wifi adapter

  - by Nathan Fellman

  I'm having trouble with my wifi connection. Is there any software out there that can help me determine if the problem is in the drivers or in the hardware? Regretfully, I'm working on Vista Edit: The problem I'm having is that the Vista reports that the wireless radio is connected, shows an IP and all, the router also shows that the computer is connected, but there's no connectivity. I can't logon to the router, and I can't even ping it. When I ping it I get the response: General Failure I have tried connecting with and without various wireless security protocols. I have tried disabling the wireless adapter and re-enabling it from the Device Manager I have tried updating the driver None of this has helped. When I connect via Ethernet (with a cable, that is), everything works fine. Edit: I'm not using any firewall on the computer, that I'm aware of. The IP address for the WIFI adapter is similar to the one for the LAN adapter. They differ by one.

  Read the article

• Choosing a home network layout

  - by James M.

  I have a server, 4 PC's, a network printer, a switch and an ADSL modem. Currently the server runs Red Hat 9 and sits between the internet and the other PCs like in http://upload.wikimedia.org/wikipedia/en/1/12/Sample-network-diagram.png I have bought a new server PC to replace the old one, and I plan to install Fedora Core linux on it. The server acts as web and file server. The PCs all run Windows. Alternatively, I could connect the new server and all PCs to the switch, and connect the switch to the modem. (Sorry, couldn't find an image.) What are the pros and cons of these network layouts? Eg. in terms of reliability, security and flexibility? I am not a Linux guru but know of (and am not afraid of) iptables, dhcpd et al. Thank you for any tips, pointers and links.

  Read the article

• SSL Certificate for local web server

  - by Firefly

  Is it at all possible to create a self-signed certificate for use on multiple machines on a local network which would stop the browser complaining it is not a trusted site? We have a product which is basically a computer running lighttpd to serve a web interface for configuring the computer (sort of how a router has a web interface). There can also be many of these machines running on the same network with dynamic IP's. What I basically want to do is enable SSL for extra security but I don't want people who are on the local network to be given a browser warning about the certificate not being trusted. Is this at all possible?

  Read the article

• SSL certificates with password encrypted key at hosting provider

  - by Jurian Sluiman

  We are a software company and offer hosting to our clients. We have a VPS at a large Dutch datacenter. For some of the applications, we need an SSL certificate which we'd like to encrypt with a password protected keyfile. Our VPS reboots now and then because of updates whatsoever, but that means our apache doesn't start right away because the passwords are needed. This results in downtime and is of course a real big problem. We can give the passwords to our VPS datacenter, or create certificates based on keyfiles without passwords. Both solutions seem not the best one, because they compromise the security of our certificates. What's the best solution for this issue?

  Read the article

• Import Java Trusted Certificate to JRE

  - by Zalastax

  I need to install a certificate from a Java app to a lot of people. I want to use a one click program or batch file to import it as a Trusted Certificate(in Control Panel-Security-Certificate). Then they won't need to press always allow first time they use the application. I have extracted the needed certificate as both a .csr and as a .cer (the .csr via Control Panel and the .cer via keytool). Now I need to get one of them back without any clicking in menus. I don't really understand the documentation of importing .cer with keytool and would like an example. Or are there an easier way than using keytool?

  Read the article

• How can I keep websites from knowing where I live?

  - by D Connors

  This questions is related to issues and practicality, not security. I live in Brazil and, apparently, every single website I visit knows about it. Usually that's ok, but there are quite a few sites that don't make use of that information adequately. For instance: Bing keeps thinking that brazilian pages are way more relevant to me than american ones (which they're not). Google.com always redirects me to google.com.br. Microsoft automatically sends me to horribly translated support pages in portuguese (which would just be easier to read in english). These are just a few examples. Usually it's stuff I can live with (or work around), but some of them are just plain irritating. I have geolocation disabled in firefox, so I guess they're either getting this information from my IP or from windows itself (which I bought here). Is there a way to avoid this? Either tell them nothing or make them think I live somewhere else? Thanks

  Read the article

• Using Internet Explorer 8 and 9 beta under internet options -advanced java does not show to check the box

  - by Michael Bishop

  I am using internet 8 and under internet options advanced there is not box to check to enable java. I was told to reset which did nto work. I have tried to uninstall java 6-21 32 bit but I get windows installer error 1723. I brought up the java console and made sure it was pointing to the right target. But I guess the main thing is I have no enable java under internet options, advanced. It was under security to enable java scripting. Any answers?

  Read the article

• DNS Issue Windows 2003 AD-The server holding the PDC role is down

  - by Dave M

  Our network of Windows 2003 and Windows 2008 servers suddenly hasDNS issues. There are 7 DCs. Two at our main office and one each at branch sites (one branch has two a 2008R2 and WIN2K3) Only two are WIN2008R2 Running DCDIAG on the WIN2K3 at main site (DC1) reports no issues. Running at any branch site reports two issues All other test pass. The server DC1 can be PINGed by name from any site Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. Starting test: FsmoCheck Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down. Netdom.exe /query DC reports the expected servers. netdom query fsmo This reports the server at the main office holds the following roles: * Schema owner Domain role owner PDC role RID pool manager Infrastructure owner In the DNS management snap-in, DC1 appears as DNS server but does not appear in _msdcs-dc-_sites-Default-First-Site-Name-_TCP There is no _ldap or –kerberos record pointing to DC1 Same issue msdcs-dc-_sites- -_TCP Again there is no _ldap or –kerberos record pointing to DC1 Under Domain DNS Zones there is no entry for the server. This is the case for any _tcp folder in the DNS. The server DC1 appears correctly as a name server in the Reverse Lookup Zone. There is a Host(A) record for DC1 but in the Forward Lookup Zone there is no (same as parent folder) Host(A) for the DC1 server but such an entry exists for the other DCs at branch sites and the other DC at the main office. We have tried stopping and starting the netlogon service, restarting DNS and also dcdiag /fix. Netdiag reports error: Trust relationship test. . . . . . : Failed [FATAL] Secure channel to domain 'XXX' is broken. [ERROR_NO_LOGON_SERVERS] [WARNING] Failed to query SPN registration on DC- One entry for each branch DC All braches lsit the problem server and it can be Pinged by name from any branch Fixing is number one priority but also would like to determine the casue.

  Read the article

• File ownership and permissions on web site PHP files

  - by columbo

  Hello, I am learning the basics of linux servers so I am green. I have an Ubuntu server upon which there are websites that I have inherited. In a fit of security worry I decided to check out the ownership of the web site files. They are all 2016:sites. If I run the command 'cat /etc/group | more' I can see that the group exists. But when I run 'lastlog' the user 2016 does not appear. I started to worry that 2016 might be the username of web users connecting from the web so I set the permissions on a testfile to chmod 600, giving read permissions to only the file owner. Sure enough I could still access the file from the web. Can anyone suggest what is going on here? I tried creating a new user and giving them file ownership but then when I access the file from the web it wants me to have all directories up stream owned by the same person. Thanks

  Read the article

• Secure Apache PHP vhost configuration

  - by jsimmons

  I'm looking to secure some websites running under apache using suexec. At the moment php is executed with the user/group of the file being executed. This seems to me, not secure enough. It stops vhosts interfering with each other, but does not stop malicious code writing anywhere in the vhost being used. I was thinking that a possibility would be to run scripts as nobody/vhost group, that way the vhost user could still have full access to the vhost directories, but executing php would only be able to write to files with g+w, and to execute files with g+x. This I think should stop arbitrary writing in the web dir from compromised php. Just wondering if this is crazy, ridiculous, stupid? Of course this would be done on top of existing security measures.

  Read the article

• Adding Thunderbird-stable repository gives "can't find signing_key_fingerprint" error

  - by EBV2010

  I'm trying to install Thunderbird 11 on Kubuntu 10.04. I was able to do it on the machine I'm working on. To get a clean process that I can roll out to other clients, I re-installed the machine and repeated the process. This is what I did (I've left out the sudo for clarity): add-apt-repository ppa:ubuntu-mozilla-security/ppa apt-get update add-apt-repository ppa:mozilla-team/thunderbird-stable The last one resulted in this error: Error: can't find signing_key_fingerprint at https://launchpad.net/api/1.0/~mozilla-team/+archive/thunderbird-stable The machine as it was before re-installation gave no such message. It was built from the same sources. Bottomline: I got Thunderbird 11.0 to run on Kubuntu 10.04 but after re-installation, adding the repository gives an error and won't add. Is there a way to solve the signing_key_fingerprint error?

  Read the article

• Failure to copy files with ownership/ACL information on a Windows Server 2008 R2 machine

  - by darklion

  I'm attempting to copy a directory tree, maintaining its ownership information using the command: XCOPY S:\ProjectsDefault\Tempalte\admin S:\Projects\00\111\admin /S /E /I /O the command gives an Access denied error message, and while it does create the directory tree, the ownership and ACL information is not copied. This is being done on a Windows 2008 R2 Server which has mounted a share from a Windows 2003 R2 domain controller. The user has been been granted full access to the share and is a member of the Domain Admins security group. Oddly enough, the command does work if performed on a different (Windows 2003 R2 Server). (It also works if done using the Domain Administrator account on the 2008 server.)

  Read the article

< Previous Page | 372 373 374 375 376 377 378 379 380 381 382 383  | Next Page >