Search Results

Mandatory Access Controls (MAC) like SELinux or TOMOYO allow you to create a policy that can deny access to files. The problem, and that's why I said it would probably be convoluted, is that it is...

On systems that support MAC you may be able to modify a policy to deny writes to files, denying policy alteration and denying reboot (convoluted). On file systems that support it you can set the...

Why not start by enumerating what actually runs on top of the web server? Get the exact names and versions of whatever web log, forum, shopping cart, photo gallery, statistics, web-based management...

First of all tcp_wrappers may be considered complementary in a multi-layered approach to network access restrictions but there's a fundamental difference between tcp_wrappers and Netfilter. The first...

Disable the original rule, copy it to rules.local and edit it so it doesn't apply to HTTPS?

While it seems to be a reflex both new and seasoned Linux admins fall for and while information can be gleaned from existing files, killing processes without recording details first does not help or...

...and if you don't need to comply with SOX, Basel II, HSPD-12, FFIEC, HIPAA, FERPA, PCI-DSS and you're not in the market for a commercially licensed Privileged Account / Identity / User Management...

The second column is the type of terminal: tty for physical console, pts for pseudo-ttys and colon+integer notation you may remember from dealing with X11/Xorg. So these lines would signify not a...

After you run the 'make' command from your tutorial in the john-1.7.*/src directory, and after compilation is successfully finished all files, will end up in the john-1.7.*/run directory. JTR does...

Just like you installed it previously?

Reinstall JTR.

Apart from undefined characteristics like "powerful": Samhain can store file contents but file size is limited. BTW, there's a reason people emphasize making (off-site) backups is a Good Thing.

I think it is great you emphasize the importance of performance but continuing to put emphasis on it begs the question why you did not see fit to address it in your OP (original post)?



By...

Those disappointed by the lack of details handouts sure could call it RTF(ine)M or accuse me of handwaving, NP, but anyone with basic GNU/Linux admin skills (as in knowing how to read the...

Nice write-up but it's a non-standard and maintenance-prone "solution". Maybe people not like you (;-p) should choose a combination of iptables rate limiting, webserver "BrowserMatch" and...

AFAIK this is not a Linux Security forum question but OK. /var/spool/mail contents are basically plain text files (mbox format) so egrepping for ^Date (as in `date +'%a, %d %b %Y'`) and ^Subject...

What does "does not work" mean here? And there are no "Solaris 9 certificates" as far as I know. SSL certificates adhere to standards, are platform independent and should be accessable by any...

Apparently it can do remote TCP or UDP, I must have read over that. But with syslogging I mean using a facility/prio combo as in 'man 3 syslog' like the others do. I suppose I should have been more...

That's all nice but that patched Ksh does not hook into Syslog (wrt an implications of an application being allowed to do housekeeping on its own auditing, corellation benefits of centralized...

Have a look at 'rootsh'.



Rootsh can log to syslog so the only thing you need to do is make the remote syslog server also listen for external syslog messages and configure your local syslog...

Apart from addressing details AFAIK ip6tables ain't different from iptables. If you don't know how to write rules at all then you might want to start reading. The Iptables Tutorial 1.2.2...

Are you using some alias or LC_ALL setting? Works as advertised for me.

Unfortunately saying you've tried isn't the same as saying "look, this is what we've tried (posted code) and this is how it failed (posted error messages and whatnot)". Maybe not what you're looking...

No need to act all confused about things. I see you already found VMware. Other than that there is Cygwin, QEmu, virtualbox. Hell, you could use a free shell account or boot some Live CD if...

It makes no sense to start a new thread for a reply within the same topic you started here:...