Siobhan Gorman and Stephen Fidler, Wall Street Journal. Adversarial nations worldwide have adopted cyberespionage and cyberattacks as staples of modern warfare, and U.S. defense officials estimate that more than 100 countries are currently attempting to penetrate U.S. networks, with the greatest concentration of attacks based in China and Russia. U.S. military and civilian networks are [...]
The attached file contains 36 months data sorted in descending order by number of attempts and originating ip address.
Is it possible to block any type of communication with an ip address after so many (5 or 10) failed attempts. The documentation(for Openssh) says that it is possible to slow the... (8 Replies)
1. The problem statement, all variables and given/known data:
Prepare a report discussing from an administration and security perspective, role and function of a JavaScript within a UNIX network. You should illustrate your answer with practical examples. In particular attention should me paid to... (1 Reply)
This is the code:
while test 1 -eq 1
do
read a
$a
if test $a = stop
then
break
fi
done
I read a command on every loop an execute it.
I check if the string equals the word stop to end the loop,but it say that I gave too many arguments to test.
For example echo hello.
Now the... (1 Reply)
I've recently registered for the site and have found it very useful thus far. However, I am a student currently researching network attacks, specifically, denial of services and the damage posed to operating systems. If you have any information about this topic, please send to me.
Thanks,... (1 Reply)
Hi,
Could anyone direct me to any sites that have any info on unix attcks or hacks in the last 5 years. This is needed for an assignment. All help would be greatly appreciated.
Thanks:) (6 Replies)
elfsign(1) User Commands elfsign(1)NAME
elfsign - sign binaries for the Solaris Cryptographic Framework
SYNOPSIS
/usr/bin/elfsign sign [-a] -k private_key -c certificate_file -e elf_object
/usr/bin/elfsign verify [-c certificate_file] -e elf_object
/usr/bin/elfsign request -k private_key -r certificate_request_file
DESCRIPTION
sign Signs the elf object for use with the Solaris Cryptographic Framework, using the given private key and certificate file.
verify Verifies an existing signed object. Uses the certificate given or searches for an appropriate certificate in
/etc/crypto/certs if -c is not given.
request Generates a private key and a PKCS#10 certificate request. The PKCS#10 certificate request should be sent to the email
address solaris-crypto-req@sun.com to obtain a Certificate.
Users of elfsign must first generate a certificate request and obtain a certificate before using the other sub-commands.
OPTIONS
The following options are supported:
-a
Generates a signed ELF Sign Activation (.esa) file. This option is used when a cryptographic provider has nonretail export approval for
unrestricted use and desires retail approval by restricting which export sensitive callers (for example, IPsec) may use the provider.
This option assumes that the provider binary has previously been signed with a restricted certificate.
-c certificate_file
Specifies the path to an X.509 certificate in PEM/PKCS#7 or ASN.1 BER format.
-e elf_object
Specifies the path to the object to be signed or verified.
-k private_key
Specifies the location of the private key file when not using a PKCS#11 token. This file is an RSA Private key file in a Solaris spe-
cific format. When used with the request subcommand, this is the ouput file for the newly generated key.
-r certificate_request_file
Specifies the path to the certificate request file, which is in PKCS#10 format.
EXAMPLES
Example 1: Signing an ELF object using a key/certificate in a file
example$ elfsign sign -k myprivatekey -c mycert -e lib/libmylib.so.1
Example 2: Verifying an elf object's signature
example$ elfsign verify -c mycert -e lib/libmylib.so.1
elfsign: verification of lib/libmylib.so.1 passed
Example 3: Generating a certificate request
example$ elfsign request -k mykey -r req.pkcs10
Enter Company Name / Stock Symbol or some other globally unique identifier.
This will be the prefix of the Certificate DN: SUNW
The government of the United States of America restricts the export of
"open cryptographic interfaces", also known as "crypto-with-a-hole".
Due to this restriction, all providers for the Solaris cryptographic
framework must be signed, regardless of the country of origin.
The terms "retail" and "non-retail" refer to export classifications for
products manufactured in the USA. These terms define the portion of the
world where the product may be shipped.) Roughly speaking, "retail" is
worldwide (minus certain excluded nations) and "non-retail" is domestic
only (plus some highly favored nations). If your provider is subject to USA
export control, then you must obtain an export approval (classification)
from the government of the USA before exporting your provider. It is
critical that you specify the obtained (or expected, when used during
development) classification to the following questions so that your provider
will be appropriately signed.
Do you have retail export approval for use without restrictions based
on the caller (for example, IPsec)? [Yes/No] No
If you have non-retail export approval for unrestricted use of your
provider by callers, are you also planning to receive retail approval by
restricting which export sensitive callers (for example, IPsec) may
use your provider? [Yes/No] No
[...]
EXIT STATUS
The following exit values are returned:
VALUE MEANING SUB-COMMAND
0 Operation successful sign/verify/request
1 Invalid arguments
2 Failed to verify ELF object verify
3 Unable to open ELF object sign/verify
4 Unable to load or invalid cer- sign/verify
tificate
5 Unable to load or invalid pri- sign
vate key
6 Failed to add signature sign
7 Attempt to verify unsigned verify
object or object not an ELF
file
FILES
/etc/crypto/certs The /etc/crypto/certs directory is searched for the verify subcommand if the -c flag is not used.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWtoo |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO libpkcs11(3LIB), attributes(5)SunOS 5.10 19 Mar 2004 elfsign(1)
