Search Results

Search found 64186 results on 2568 pages for 'access control service'.

Page 813/2568 | < Previous Page | 809 810 811 812 813 814 815 816 817 818 819 820  | Next Page >

• Running a webserver behind a firewall, is it secure?

  - by i.am.intern

  Currently we have a Linux-based firewall which NAT-ing our public IP address to give internet access to our staff's PCs and a Windows Server 2003 for internal filesharing. I want to host Redmine/SVN (a bugtracker) internally behind this firewall using a Linux server. This webserver will be accessed by our clients externally so they can post bug reports. This means that I have to open port 80 & 22 at the firewall to give access to the webserver and me to SSH it from home. However, let's say I'm using password-based SSH for the webserver and somebody cracked it. Does that mean the cracker could ping and access other servers and PCs in the network?

  Read the article

• Windows Server 2012 licensing issue preventing RDP connections?

  - by QF_Developer

  I am witnessing an unusual behaviour on 1 of 5 Windows Server 2012 R2 machines (clean install) that is preventing any remote connections from being established via RDP. I have run through the prerequisites for RDP here but I am finding that any remote connection attempt instantly stops the "Windows Protection Service". When I check the event logs I see the following entry. The Software Protection Service has stopped Event ID: 903 Source: Security-SPP From what I have read Security-SPP is tasked with enforcing activation and licensing, it appears that RDP requires this service to be in the running state. Is it possible that I have inadvertently activated this instance of Windows with a key that has already been associated to another instance (We have 5 keys as part of an MSDN subscription)? Would this be sufficient to block RDP access? When I look under System Properties (Windows Activation) it states that Windows is activated and there are no other obvious indicators that there's a licensing issue. EDIT 1: I ran a Powershell script to display the product keys for all servers in order to check for any duplication. For the problematic server I am getting the message The RPC server is unavailable.

  Read the article

• How to block all multicast traffic travelling through a Cisco Catalyst 3750

  - by TrueDuality

  Something changed today. I can't seem to track down what, but one of our 3750s decided that it was going to forward all the multicast traffic it saw from the ghost server across every VLAN it has. I've tried writing a simple access group that consists of the following: access-list 100 deny ip any 224.0.0.10 0.0.0.255 access-list 100 permit ip any any I apparently mistakenly assumed that once applied to an interface that it would block all of the multicast traffic on that interface regardless of VLAN. I do not want any multicast traffic flowing through this particular switch to any VLAN or even to stay on the same VLAN beyond this switch. Does anyone have any ideas?

  Read the article

• How to tell nginx to honor backend's cache?

  - by ChocoDeveloper

  I'm using php-fpm with nginx as http server (I don't know much about reverse proxies, I just installed it and didn't touch anything), without Apache nor Varnish. I need nginx to understand and honor the http headers I send. I tried with this config (taken from the docs) but didn't work: /etc/nginx/nginx.conf: fastcgi_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=website:10m inactive=10m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; /etc/nginx/sites-available/website: server { fastcgi_cache website; #fastcgi_cache_valid 200 302 1h; #fastcgi_cache_valid 301 1d; #fastcgi_cache_valid any 1m; #fastcgi_cache_min_uses 1; #fastcgi_cache_use_stale error timeout invalid_header http_503; add_header X-Cache $upstream_cache_status; } I always get "MISS" and the cache dir is empty. If I uncomment the other directives, I get hit, but I don't want those "dumb" settings, I need to control them within my backend. For example, if my backend says "public, s-maxage=10", the cache should be considered stale after 10 secs. Instead, nginx will store it for 1h, because of these directives. I was thinking whether I should try proxy_cache, not sure what's the difference. In both fastcgi and proxy modules docs it says this: The cache honors backend's Cache-Control, Expires, and etc. since version 0.7.48, Cache-Control: private and no-store only since 0.7.66, though. Vary handling is not implemented. nginx version: nginx/1.1.19 Any thoughts? pd: I also have the reverse proxy that is offered by Symfony2 (which I turn off to use nginx's). The headers are interpreted correctly by it, so I think I'm doing it right.

  Read the article

• Terminal command to change permissions to my 'Sites' folder and apply change to enclosed items?

  - by Ryan

  Using Snow Leopard, I'm having issues with permissions in my Sites folder. While I can navigate to localhost/~username and read any files or folders there, the same permissions have not been applied to enclosed items, and I get a 403 error trying to access them in the browser. If I select one of these enclosed folders and get info using Finder, I see the user 'Everyone' is set to 'No Access' but I can't change that (this behavior seems buggy, actually). And if I select my 'Sites' folder, the tool to 'Apply to enclosed items' is grayed out... Is there a Terminal command I can use to grant 'Read Only' access to my Sites folder, and all it contains, for the user 'Everyone'?

  Read the article

• How to have LiveJournal delegate my OpenID to something else?

  - by T-Boy

  I understand that if I have full control over my domain, I can set it up so that I can delegate the task of authenticating to another OpenID service provider. The problem is, what I'd like to do is to get the LiveJournal server to pass the authentication to someone else, instead of having LJ doing it. Preferably what I'd like to do is get LiveJournal, when asked by a web site, say, "No, I don't do it anymore -- go to this address". The plan was that this address would then be in a domain I fully control, which then would pass it on to whichever service provider I choose. I don't even know if I've gotten my understanding of OpenID right, if all this shenanigans are necessary, if my question makes sense, or if it's even possible with a service provider like Livejournal. ETA: Doing a little more reading up, and examining the source for my LiveJournal user page, I note that this particular line in the file's <header> area: <link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" /> I suspect that changing this will allow me to forward OpenID requests to whomever I wish, I think; so far so good. Now comes the hard part -- figuring out how to change all of that using LiveJournal's customization options, if that is at all possible (here's hoping I don't need to pay to get that functionality).

  Read the article

• How to copy protected files when an Administrator in Vista (easily)

  - by earlz

  Hello, I have a harddrive I need to backup. In the harddrive is of course things like Documents and Settings which is set to not allow other people to see inside someone's personal folders. I am an administrator though and I can not figure out how to mark these files so that I am permitted to access them and copy them. IWhen I double click on My Documents then it pops up saying You must have permission to access this and gives me an option like ok or cancel. I click ok and then it says you do not have permission to access these files I'm an administrator on the system so I don't understand why Vista is locking me out. How can I setup vista so that it will let me copy every file, even ones I don't have permission to?

  Read the article

• Getting started with the vCenter Web Client Administration tool

  - by Saariko

  I am trying to access a newly vCenter. The documentation clearly mentions to access the web-admin through: https://localhost:9443/admin-app but since I don't have a windows OS built under the vCenter (I use the vCenter Appliance) There is no localhost to use. If I try with the host IP I get the error: This PDF explains to install IIS component - But it's ESX 4 - and also not talking about appliance. so, a simple question: how can I access the web-app admin tool? also found a similar question on vmware forum. But I can't understand the solution/if any.

  Read the article

• nagios ldap-group based front end login permission issues

  - by Eleven-Two

  I want to grant users access to the nagios 3 core frontend by using an active directory group ("NagiosWebfrontend" in the code below). The login works fine like this: AuthType Basic AuthName "Nagios Access" AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL "ldap://ip-address:389/OU=user-ou,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN CN=LDAP-USER,OU=some-ou,DC=domain,DC=tld AuthLDAPBindPassword the_pass Require ldap-group CN=NagiosWebfrontend,OU=some-ou,DC=domain,DC=tld Unfortunately, every nagios page just shows "It appears as though you do not have permission to view information for any of the services you requested...". I got the hint, that I am missing a contact in nagios configuration which is equal to my login, but creating one with the same name as the domain user had no effect on this issue. However, it would be great to find a solution without manually editing nagios.conf for every new user, so the admins could grant access to nagios by just putting the user to "NagiosWebfrontend" group. What would be the best way to solve it?

  Read the article

• Active Directory FRS problems. 13508 error and other problems

  - by user59232

  I have 3 Domain Controllers. We will call them DC1, DC2 and DC3. DC3 and DC2 show Event ID 13508 in their FRS logs with no follow-up event(13509 I think) to say the error had been fixed. DC1's FRS log no matter what you do never shows any events besides FRS service stopped and started. DC1 holds the SYSVOL that needs to be replicated to the other DC's. The other DC's sysvol folders are empty. I have tried the burflag method of fixing this but I haven't had any luck. My procedure for that was to stop all FRS services on all DC's. Then set the burflag on DC1 to D4 and the other two DCs burflag to D2. Started FRS on DC1 and the only event's I see in DC1's FRS event logs are service stopped and service started messages. This fact is leading me to believe that something is wrong on FRS for DC1. I believe there should be events 13553 and 13516 in the FRS event logs after an authoritative sysvol restore. The other two DC's do not have anything in their SYSVOL, otherwise I would have made one of them the authoritative sysvol. DC1 is MS Server 2003 Enterprise Edition SP2 DC2 is MS Server 2003 Standard Edition SP1 DC3 is MS Server 2003 R2 Standard Edition SP2 I did not setup this domain originally but I am now the administrator of it, so I don't have a lot of background on why certain things may have been done in the past. My main goal is to try and fix these issues to get myself better prepared to decommision DC1 and add a DC running Server 2008 to my domain. Thanks.

  Read the article

• How to set the network profile of Windows 7 via group policy?

  - by Ricket

  We are deploying client computers and in testing noticed that the first time the user logs into the computer, it asks them if the location is a home, work, or public location. We are worried that some users in our workplace might misread it (or not read it at all) and click Public, thus likely denying our access to the computer and messing up security settings and such. Can we set our network to be a "Work Network" location via group policy or some other mechanism of our Windows Domain so that the user is not prompted when connected to our network? Also these are laptops, so we don't want every network they connect to be set as work network, and we have several access points (wired and three wireless) which our users often switch between so I'm not yet sure if it reprompts with each access point but I have the feeling it will, and I would like all of these to be set to the Work profile type.

  Read the article

• How to secure svn+ssh checkout users?

  - by vvanscherpenseel

  All our SVN repositories are hosted on a dedicated machine on which all the developers have access. Every now and then we need to checkout a repository on a machine we don't own or operate ourselves. Currently we all use our own system (SSH) account for this, but instead I would like to use some generic 'checkoutsvn' user that can be used for this. This user is only used for checking out from a repository, but should not be allowed to log in to the system (no shell access). I tried to do this by setting the default shell of that account to /sbin/nologin but then SVN fails, as apparently svn+ssh requires shell access. How do you do this? Is there a good solution for this?

  Read the article

• Server App - Users

  - by Benno

  I'm using mac OSX lion server, and I'm trying to setup a user account with access to different services. I had to create the user in Prefs users and groups, because it wouldn't work in the Server app. In the server app, it kept saying "This operation couldn't be completed". I managed to create the user in the system prefs, but now I'm back in the server app and cannot update the services the user has access to. The checkboxes are all there for e.g. Address book, file sharing etc, but I can't deselect any of them... Any ideas on why I can't change a user's access to services?

  Read the article

• Dovecot starting and running, but not listening on any port

  - by Dženis Macanovic

  Among others things I'm in charge of a Debian GNU/Linux (Wheezy) DomU for the mail services of the company i work for. Yesterday one HDD that was used for this particular server has died. After installing Debian again, Dovecot decided to no longer listen on any ports (checked with netstat -l). Other services (like Postfix and MySQL) work without problems. dovecot -n: # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-3-amd64 x86_64 Debian wheezy/sid ext3 auth_mechanisms = plain login disable_plaintext_auth = no first_valid_uid = 150 last_valid_uid = 150 mail_gid = mail mail_location = maildir:/var/vmail/%d/%n mail_uid = vmail namespace inbox { inbox = yes location = prefix = } pass db { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = mail mode = 0666 user = vmail } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3s { port = 995 ssl = yes } } ssl_cert = </etc/ssl/private/mail.crt ssl_key = </etc/ssl/private/mail.key userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol imap { mail_max_userip_connections = 25 } UID 150 is vmail (I double checked file permissions). I didn't install Dovecot from source, but via apt from the official Debian US mirror. There are no messages concerning Dovecot in /var/log/syslog except for: Oct 21 06:36:29 server dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled) Any ideas?

  Read the article

• Remote connection to Mysql not working

  - by Fillipe Silva

  We have an application running with CodeIgniter and MySQL in cestacerta.com. Ther are two versions: One that is in production and it works perfectly, and one that is our Development version. This runs locally on my machine and the other developers. The development version needs to remotely connect to the database, and it rather suddenly stopped working. I've given permission to access any IP settings on the server. I can access the database through the MySQL Gui Tools. I have tested access to several different codes, including a newly downloaded version of CodeIgniter and always got the same error: "A Database Error Occurred Unable to connect to your database server using the provided settings. Filename: C: \ xampp \ htdocs \ cestacerta \ system \ database \ DB_driver.php Line Number: 119 " What troubleshooting steps can I take determine if the error is on our workstations (which all have the same error) or on our server.

  Read the article

• File/folder Write/Delete wise, is my server secure?

  - by acidzombie24

  I wanted to know if someone got access to my server by using a nonroot account, how much damage can he do? After i su someuser I used this command to find all files and folders that are writeable. find / -writable >> list.txt Here is the result. Its most /dev/something and /proc/something and these /var/lock /var/run/mysqld/mysqld.sock /var/tmp /var/lib/php5 Is my system secure? /var/tmp makes sense but i am unsure why this user has write access to those folders. Should i change them? stat /var/lib/php5 gives me 1733 which is odd. Why write access? why no read? is this some kind of weird use of a temp file?

  Read the article

• Unix file permission for groups

  - by GOPI

  I am working on HP Unix server. I have a directory in which users from different groups need to create files. And the users of a same group should have complete access to the files created by their group and only read access for the files created by other groups. I tried to set sticky bit for the directory thereby to restrict access for other groups. But I face the following problem. Created File1 from user1 of GroupA. When I tried to execute the 'rm' command from user2 of the same group GroupA, it doesn't allow as user2 is not the owner of the file. can setgid (at directory level) or other command help me to sort this issue?

  Read the article

• How can I clear the "authentication cache" in Windows 7 to a password protected samba share?

  - by Chris Drumgoole

  I have a Linux samba server and have explicitly listed users that can access the folder. I have successfully congfigured Samba to require a username and password when accessing the share from windows (using the smbpasswd, etc.). But now I want to force clear the auth cache on the windows machine. Such as when I go to a colleague's computer, I use my account to access a file in the protected share, but then before I leave his computer, i'll want to make sure the authorization cache is cleared so he cannot access that folder with my credentials. I found the command to use in the windows command prompt on google a couple of weeks ago but silly me I didn't save it... Hope someone can help, thanks! Oh, Samba is configured as a workgroup and not a domain (if that helps) - so windows users do NOT log into a domain on start up. thanks!

  Read the article

• How to duplicate a backup set from one media server to another

  - by MathematicalOrchid

  I really honestly can't figure out how to do this. It's easy enough to open Backup Exec and tell it to duplicate the data on one local device onto another local device. What I cannot figure out how to do is make it duplicate data from one local device to a remote device. I can connect to the remote BE server, but then I can only access the remove devices. I can connect to the local BE server, but then I can only access the local devices. I can't figure out how the heck to get access to both local and remove devices simultaneously. Symantec Backup Exec 12.5 for Windows, in case it matters.

  Read the article

• Switch between network configurations via command line in fedora 17

  - by Mike Fairhurst

  I have two different setups I use on my work laptop; one enables synergy over an ethernet ssh tunnel with my work computer on the local network, and the other opens an HTTP tunnel to my work computer from outside the network. When I have wifi enabled at work, my laptop seems to use it by preference. This makes synergy run incredibly slowly. At home I must use wifi. I have scripts that begin my ssh tunnels, add my ssh keys, and starts up other programs like synergy, and close themselves when I shut my laptop. However, every day I have to start out my routine by opening my gnome-control-center and turning on my ethernet. I have tried route add and ifup, none of it works, so I dove into gnome-control-center's source code and found that it enabled the connection by libnm's method nm_client_activate_connection with some libnm specific structs that I am having trouble tracking down. I'm not much of a c programmer, and I'm not familiar with either GTK or libnm. Does anybody know what fedora 17 does with ethernet connections to fully enable them? Or does anybody know what libnm does to fully enable an ethernet connection? Do I have to write a c script to run libnm for me to fully emulate whatever gnome-control-center is trying to do?

  Read the article

• How do I log file system read/writes by filename in Linux?

  - by Casey

  I'm looking for a simple method that will log file system operations. It should display the name of the file being accessed or modified. I'm familiar with powertop, and it appears this works to an extent, in so much that it show the user files that were written to. Is there any other utilities that support this feature. Some of my findings: powertop: best for write access logging, but more focused on CPU activity iotop: shows real time disk access by process, but not file name lsof: shows the open files per process, but not real time file access iostat: shows the real time I/O performance of disk/arrays but does not indicate file or process

  Read the article

• Lynksys WRT120N wireless router not connecting to ADSL

  - by pradeetp

  I have a lynksys WRT120N wireless router that was connected to Sterlite ADSL modem. The internet connection was working fine through wireless access. I changed the ADSL router because it developed some power issues and got it replaced with the same model/brand from the service provider. However I am not able to access internet now. Here is the current setting Sterlite SAM300 XA IP Address: 192.168.2.1 (I changed it to this IP because the IP address of my ADSL router was same) Lynksys WRT120N wireless router IP Address: 192.168.1.1 If I connect my laptop to ADSL router directly, the internet works fine. It is only that that if I access it wirelessley through wireless router that I am not able to connect to internet. The IP address setting has been configured to obtain IP address automatically. I have windows 7 OS home edition. Could someone please help me to fix this issue.

  Read the article

• linux networking: how to redirect incoming connections from old server to new server?

  - by aliz

  hi I'm in the process of moving my old server to a new server, but i will keep the old server running for database replication and load balancing, etc. each server has a separate internet connection with a static ip, and they are connected through a local Ethernet connection. I've got Ubuntu 8.04 32-bit running on old server and Debian 6.0 64-bit on new one. shorewall firewall is installed on both servers. there are some outdoor devices which are periodically sending data to port 43597 for old server IP address. I can run multiple instances of the network service which is responsible for receiving data from devices on a server but on different ports. here's the question: how can I run the service on new server and have connections coming to old server redirected to it, and new devices can still connect to new server's IP address preferably on the same port and same service? until all devices get updated to send to new server. I've tried a shorewall DNAT rule, but seems like new server's default route should be changed to ethernet connection, which breaks other things. I also found about redir utility, but still haven't tried it. is there any best practice or simple solution for such a scenario, i'm not aware of? thanks in advance.

  Read the article

• Only allow root to change filesystem

  - by Uejji

  The VPS I manage uses a simple hard link rsync archive daily backup system saved to a loop file. This is great, because each backup only takes up as much space as what has changed each day, and all user/group permissions are kept. I would like to give users direct access to their home directories in each backup, but I'm worried about intentional or accidental backup data destruction, as how it stands now users can actually change, destroy or add to backed up data they originally owned. I've been looking for a way to mount this filesystem similar to an ro mount option, but something that would still allow rw access to root, but I've had absolutely no luck. In other words, I want users to be able to view and copy their backed up data without actually being able to change it, and have that data maintain the original permissions. I've got no real preferences as far as filesystem, as long as it's a standard unix filesystem that can preserve permissions, support hard links and deny write access to users without actually stripping the w permission from everything.

  Read the article

• Nagios send mail when server is down

  - by tzulberti

  I am using nagios 3.06 to monitor the servers. When a service is critical, it sends a mail, but when a server is down no mail is sent. Even if all the services go to critical state, no mail is sent. I have the following configuration: define command {     command_name notify-host-by-email     command_line python /etc/nagios3/send_mail.py "[Nagios] $HOSTNAME$" "******** Nagios ****\n\n Host: $HOSTNAME$\n Description: the server is down" } define command{     command_name notify-service-by-email     command_line python /etc/nagios3/send_mail.py "[Nagios] $HOSTNAME$: $SERVICEDESC$ ($NOTIFICATIONTYPE$)" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\nDate/Time: $LONGDATETIME$\nAdditional Info:$SERVICEOUTPUT$" } The python script is a script to sent a mail. It works if I execute it from the command line, but it doesn't sents an email from nagios. What I am doing wrong? UPDATE: The contact data is: define contact{     contact_name root     alias Root     service_notification_period 24x7     host_notification_period 24x7     service_notification_options w,u,c,r     host_notification_options d,r     service_notification_commands notify-service-by-email     host_notification_commands notify-host-by-email     email [email protected] } define contactgroup{     contactgroup_name admins     alias Nagios Administrators     members root }

  Read the article

< Previous Page | 809 810 811 812 813 814 815 816 817 818 819 820  | Next Page >