07-25-2008
Thanks guys...
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi!
I am trying to get info/best practices/how-to harden unix,
especially solaris!
Appreciate any leads please..................... (3 Replies)
Discussion started by: sdharmap
3 Replies
2. Solaris
So I've just done my first install of Solaris. I installed it on an x86 system and am now in the processing of figuring out what I need to do to 'harden' it. I've got the Security kit downloaded (jass) but I am not sure what to do with the .tar file.
I can't seem to find any easy steps to... (6 Replies)
Discussion started by: flood
6 Replies
3. UNIX for Dummies Questions & Answers
As per Hardening guide for the server.
ICMP Broadcast Response: The kernel parameter icmp_echo_ignore_broadcasts must match to 1
However when i check the value of icmp_echo_ignore_broadcasts it thrown an error as unkonwn key.
# sysctl icmp_echo_ignore_broadcasts
error:... (2 Replies)
Discussion started by: pinga123
2 Replies
4. Solaris
Hi guys,
Is there any script or program which i can use to verify that my hardening setting is all correct ? Recently i am given a task to make sure my Sun servers are all harden properly though sunjass was already introduced. I need to generate a report to convince my manager that the settings... (0 Replies)
Discussion started by: ahlude
0 Replies
5. SuSE
Currently we are hardening our Solaris server using the Sun provided Jass Security tool kit.
How Can I implement the same security level on SUSE11 SP1?
Are there any tools similar/equivalent to Jass for SUSE11 SP1?
Tanks and Regards (1 Reply)
Discussion started by: vcfko
1 Replies
6. UNIX for Advanced & Expert Users
We've got a FTP server that's open to the public network and its running on Suse SUSE Linux Enterprise Server 11 (x86_64) SP2
Now, since it's an FTP server I can't disable that service, but how else do I harden this server from attacks from outside?
I am thinking of disabling the firewall and... (3 Replies)
Discussion started by: hedkandi
3 Replies
7. Solaris
Hi,
Where I could find information about "Jass hardening" for Solaris10?
Because, I change the /opt/SUNWjass/Files/etc/syslog.conf file. But yet I don't know if I must restart the jass (and how?) or I must to copy /opt/SUNWjass/Files/etc/syslog.conf to /etc/syslog.conf?
Thanks for your... (2 Replies)
Discussion started by: hiddenshadow
2 Replies
8. Cybersecurity
Does anyone have any experience hardening the c-icap.conf file? Here is the default config file, it has a lot of options; sorry about how long it is. I have removed some entries that were not needed as well, but it is still so long :D. Any help is much appreciated as I have never dealt with ICAP.
... (0 Replies)
Discussion started by: savigabi
0 Replies
9. Linux
Hi
We have a requirement to vary the minimum password criteria by the group to which a user belongs.
For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies
10. HP-UX
Hi,
The standard accounts that are created during the HP-UX installation, eg, bin,adm,daemon,uucp,lp,hpdb and nobody have their own shell.
Will there be any impact if we change these user's shell to /bin/false?
Like processes get interrupted, files cannot be generated, etc.
Regards (3 Replies)
Discussion started by: anaigini45
3 Replies
LEARN ABOUT MOJAVE
curlopt_proxy_ssl_verifypeer
CURLOPT_PROXY_SSL_VERIFYPEER(3) curl_easy_setopt options CURLOPT_PROXY_SSL_VERIFYPEER(3)
NAME
CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certificate
SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_VERIFYPEER, long verify);
DESCRIPTION
Pass a long as parameter set to 1L to enable or 0L to disable.
This option tells curl to verifies the authenticity of the HTTPS proxy's certificate. A value of 1 means curl verifies; 0 (zero) means it
doesn't.
This is the proxy version of CURLOPT_SSL_VERIFYPEER(3) that's used for ordinary HTTPS servers.
When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. Curl verifies whether the certificate is
authentic, i.e. that you can trust that the server is who the certificate says it is. This trust is based on a chain of digital signa-
tures, rooted in certification authority (CA) certificates you supply. curl uses a default bundle of CA certificates (the path for that is
determined at build time) and you can specify alternate certificates with the CURLOPT_PROXY_CAINFO(3) option or the CURLOPT_PROXY_CAPATH(3)
option.
When CURLOPT_PROXY_SSL_VERIFYPEER(3) is enabled, and the verification fails to prove that the certificate is authentic, the connection
fails. When the option is zero, the peer certificate verification succeeds regardless.
Authenticating the certificate is not enough to be sure about the server. You typically also want to ensure that the server is the server
you mean to be talking to. Use CURLOPT_PROXY_SSL_VERIFYHOST(3) for that. The check that the host name in the certificate is valid for the
host name you're connecting to is done independently of the CURLOPT_PROXY_SSL_VERIFYPEER(3) option.
WARNING: disabling verification of the certificate allows bad guys to man-in-the-middle the communication without you knowing it. Disabling
verification makes the communication insecure. Just having encryption on a transfer is not enough as you cannot be sure that you are commu-
nicating with the correct end-point.
DEFAULT
1
PROTOCOLS
All
EXAMPLE
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* Set the default value: strict certificate check please */
curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 1L);
curl_easy_perform(curl);
}
AVAILABILITY
Added in 7.52.0
If built TLS enabled.
RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
SEE ALSO
CURLOPT_PROXY_SSL_VERIFYHOST(3), CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),
libcurl 7.54.0 December 16, 2016 CURLOPT_PROXY_SSL_VERIFYPEER(3)