Search Results

Search found 9545 results on 382 pages for 'least privilege'.

Page 1/382 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Creating static NAT blocks outbound traffic Cisco ASA

    - by natediggs
    Hi Everyone, I have two web servers sitting behind a Cisco ASA 5505, which I don't have much experience with. I'm trying to create two static NATs. One static NAT that goes to xx.xx.xx.150 and another that goes to xx.xx.xx.151. I've created the static NAT for the .150 web server and it works FINE. Incoming and outgoing traffic work great. This is the staging web server. I now need to duplicate the setup for the production web server. So, I connect the webserver to the firewall, change the public IP address on one of the NICs reboot the server and I have outbound internet access. Then I run the command: static (inside,outside) xx.xx.xx.150 192.168.1.x which is successful. I then run the command: access-list acl-outside permit tcp any host xx.xx.xx.150 eq 80 Which is successful. I then try to browse the internet and I get nothing. I try to telnet in through port 80 and I get nothing (though I'm guessing because the response to the telnet request is being blocked). I've tried this with the production web server and then I tried it with another web server that is for internal testing and have the exact same problem. Both work fine until I run the static NAT rule and then no outbound internet access. I have a feeling that it's something simple that I'm missing, but my limited experience with this device is killing me. Below I've pasted the current configuration. I'm currently trying to get this to work on the .153 server which is the internal testing server. Once I can verify that works, I'll try it with production. : Saved : ASA Version 8.2(4) ! hostname QG domain-name XX.com enable password passwd names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address XX.XX.XX.148 255.255.255.0 ! interface Vlan3 shutdown no forward interface Vlan1 nameif dmz security-level 50 ip address dhcp ! boot system disk0:/asa824.bin ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name fw.XXgroup.com same-security-traffic permit inter-interface access-list acl-outside extended permit tcp any host XX.XX.XX.150 eq www access-list acl-outside extended permit tcp any host XX.XX.XX.150 eq https access-list acl-outside extended permit tcp any host XX.XX.XX.151 eq www access-list acl-outside extended permit tcp any host XX.XX.XX.151 eq https access-list acl-outside extended permit tcp any host XX.XX.XX.153 eq www access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any access-list inside_nat0_outbound extended permit ip any 192.168.1.32 255.255.255.240 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 ip local pool VPNIPs 192.168.1.35-192.168.1.44 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-635.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) XX.XX.XX150 192.168.1.100 netmask 255.255.255.255 static (inside,outside) XX.XX.XX153 192.168.1.102 netmask 255.255.255.255 access-group acl-outside in interface outside route outside 0.0.0.0 0.0.0.0 XX.XX.XX129 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authorization command LOCAL http server enable http 192.168.1.0 255.255.255.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs group1 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication crack encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal client-update enable telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd dns 208.77.88.4 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn enable outside svc image disk0:/sslclient-win-1.1.0.154.pkg 1 svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 2 svc enable group-policy ATSAdmin internal group-policy ATSAdmin attributes dns-server value 208.77.88.4 208.85.174.9 vpn-tunnel-protocol IPSec svc webvpn webvpn url-list none svc keep-installer installed svc rekey method ssl svc ask enable username qgadmin password /oHfeGQ/R.bd3KPR encrypted privilege 15 username benl password 0HNIGQNI0uruJvhW encrypted privilege 0 username benl attributes vpn-group-policy ATSAdmin username kuzma password rH7MM7laoynyvf9U encrypted privilege 0 username kuzma attributes vpn-group-policy ATSAdmin username nate password BXHOURyT37e4O5mt encrypted privilege 0 username nate attributes vpn-group-policy ATSAdmin tunnel-group ATSAdmin type remote-access tunnel-group ATSAdmin general-attributes address-pool VPNIPs default-group-policy ATSAdmin tunnel-group SSLVPN type remote-access tunnel-group SSLVPN general-attributes address-pool VPNIPs default-group-policy ATSAdmin ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global privilege cmd level 3 mode exec command perfmon privilege cmd level 3 mode exec command ping privilege cmd level 3 mode exec command who privilege cmd level 3 mode exec command logging privilege cmd level 3 mode exec command failover privilege show level 5 mode exec command running-config privilege show level 3 mode exec command reload privilege show level 3 mode exec command mode privilege show level 3 mode exec command firewall privilege show level 3 mode exec command interface privilege show level 3 mode exec command clock privilege show level 3 mode exec command dns-hosts privilege show level 3 mode exec command access-list privilege show level 3 mode exec command logging privilege show level 3 mode exec command ip privilege show level 3 mode exec command failover privilege show level 3 mode exec command asdm privilege show level 3 mode exec command arp privilege show level 3 mode exec command route privilege show level 3 mode exec command ospf privilege show level 3 mode exec command aaa-server privilege show level 3 mode exec command aaa privilege show level 3 mode exec command crypto privilege show level 3 mode exec command vpn-sessiondb privilege show level 3 mode exec command ssh privilege show level 3 mode exec command dhcpd privilege show level 3 mode exec command vpn privilege show level 3 mode exec command blocks privilege show level 3 mode exec command uauth privilege show level 3 mode configure command interface privilege show level 3 mode configure command clock privilege show level 3 mode configure command access-list privilege show level 3 mode configure command logging privilege show level 3 mode configure command ip privilege show level 3 mode configure command failover privilege show level 5 mode configure command asdm privilege show level 3 mode configure command arp privilege show level 3 mode configure command route privilege show level 3 mode configure command aaa-server privilege show level 3 mode configure command aaa privilege show level 3 mode configure command crypto privilege show level 3 mode configure command ssh privilege show level 3 mode configure command dhcpd privilege show level 5 mode configure command privilege privilege clear level 3 mode exec command dns-hosts privilege clear level 3 mode exec command logging privilege clear level 3 mode exec command arp privilege clear level 3 mode exec command aaa-server privilege clear level 3 mode exec command crypto privilege cmd level 3 mode configure command failover privilege clear level 3 mode configure command logging privilege clear level 3 mode configure command arp privilege clear level 3 mode configure command crypto privilege clear level 3 mode configure command aaa-server prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:0ed0580e151af288d865f4f3603d792a : end asdm image disk0:/asdm-635.bin no asdm history enable

    Read the article

  • Privilege Elevation only when and if required.

    - by Cameron Peters
    My application only very occasionally requires privilege elevation... I need to reference some 3rd party COM components that only work correctly when run as administrator. I would like my application to request privilege elevation only when it needs it... Generally, I don't want my application to run as administrator unless I need to use the 3rd party COM components. I see that CoCreateAsAdmin could potentially solve the problem, but the component author doesn't set up the required registry entries, and I'm not sure how to use CoCreateAsAdmin in C# and in conjuction with Runtime-Callable-Wrapper that is created by tlbimp. Another solution would be to spawn another process, but I have no experience with this yet... I don't want to create a completely separate application... I would be happy to create an assembly that runs in a separated elevated process if someone can show me how to make it work. Thanks...

    Read the article

  • C Privilege Escalation (With Password)

    - by AriX
    Hey everyone, I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice? Thanks! P.S. No, this isn't anything malicious, this is on an iPhone.

    Read the article

  • Accurate least-squares fit algorithm needed

    - by ggkmath
    I've experimented with the two ways of implementing a least-squares fit (LSF) algorithm shown here. The first code is simply the textbook approach, as described by Wolfram's page on LSF. The second code re-arranges the equation to minimize machine errors. Both codes produce similar results for my data. I compared these results with Matlab's p=polyfit(x,y,1) function, using correlation coefficients to measure the "goodness" of fit and compare each of the 3 routines. I observed that while all 3 methods produced good results, at least for my data, Matlab's routine had the best fit (the other 2 routines had similar results to each other). Matlab's p=polyfit(x,y,1) function uses a Vandermonde matrix, V (n x 2 matrix) and QR factorization to solve the least-squares problem. In Matlab code, it looks like: V = [x1,1; x2,1; x3,1; ... xn,1] % this line is pseudo-code [Q,R] = qr(V,0); p = R\(Q'*y); % performs same as p = V\y I'm not a mathematician, so I don't understand why it would be more accurate. Although the difference is slight, in my case I need to obtain the slope from the LSF and multiply it by a large number, so any improvement in accuracy shows up in my results. For reasons I can't get into, I cannot use Matlab's routine in my work. So, I'm wondering if anyone has a more accurate equation-based approach recommendation I could use that is an improvement over the above two approaches, in terms of rounding errors/machine accuracy/etc. Any comments appreciated! thanks in advance.

    Read the article

  • Degrading administrative privilege to standard with single admin user account

    - by Vivek S Panicker
    I recently met with a severe issue with user accounts. In my system, there is only administrator user named vivek. I added another user with name vivi and changed its privilege to administrator. After clicked on my username, vivek,and changed its privilege to standard. Since vivek is being the current user, I dropped with all administrator privileges. No password was set for the new administrator user vivi and hence it was disabled by default. I no longer access to any administrative activities. Later I corrected this by editing etc/group file. Isn't this a severe bug? Being the current administrator user, how could I degrade myself to a standard user and got out from administrator's seat? I did not get any warning messages indicating no other administrators exists to manage my system. I suggest this warning should be included there in user accounts when an administrator user changes his privilege without any enabled administrators. Your thoughts?

    Read the article

  • aide --init show lots of errors

    - by newbie14
    I have a brand new centos 6.2 server. The first thing I did is yum -y install aide and then next I did aide --init. Below is a whole lot of errors I got.What does it means must I reinstall it? Or leave it ? /usr/sbin/prelink: /usr/sbin/lusermod: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/console-kit-daemon: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/NetworkManager: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/rtacct: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/tcpdump: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/dnsmasq: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/getsebool: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/ownership: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/modem-manager: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/pluginviewer: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/sasl2-shared-mechlist: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/ifdhandler: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/mklost+found: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/vpddecode: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/skdump: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/getpcaps: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lpasswd: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/tmpwatch: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/ck-log-system-stop: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/alternatives: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/avahi-daemon: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/dump-acct: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/luseradd: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/nstat: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/efibootmgr: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/sasldblistusers2: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/e2freefrag: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/sa: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lgroupadd: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/ss: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/dmidecode: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/sktest: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/fdformat: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/saslpasswd2: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/selinuxenabled: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/pppstats: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/wpa_supplicant: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/capsh: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/togglesebool: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/kppp: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lgroupmod: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/cracklib-unpacker: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/getcap: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/avcstat: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lnstat: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/filefrag: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lid: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/bonobo-activation-sysconf: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lockdev: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/mcelog: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/cifs.upcall: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/pcscd: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/brctl: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/logrotate: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/wpa_passphrase: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/pppdump: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/lsof: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/ck-log-system-start: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/setcap: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/rtkitctl: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/latencytop: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/wpa_cli: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process /usr/sbin/prelink: /usr/sbin/saned: at least one of file's dependencies has changed since prelinking Error on exit of prelink child process

    Read the article

  • Graphing perpendicular offsets in a least squares regression plot in R

    - by D W
    I'm interested in making a plot with a least squares regression line and line segments connecting the datapoints to the regression line as illustrated here in the graphic called perpendicular offsets: http://mathworld.wolfram.com/LeastSquaresFitting.html I have the plot and regression line done here: ## Dataset from http://www.apsnet.org/education/advancedplantpath/topics/RModules/doc1/04_Linear_regression.html ## Disease severity as a function of temperature # Response variable, disease severity diseasesev<-c(1.9,3.1,3.3,4.8,5.3,6.1,6.4,7.6,9.8,12.4) # Predictor variable, (Centigrade) temperature<-c(2,1,5,5,20,20,23,10,30,25) ## Fit a linear model for the data and summarize the output from function lm() severity.lm <- lm(diseasesev~temperature,data=severity) # Take a look at the data plot( diseasesev~temperature, data=severity, xlab="Temperature", ylab="% Disease Severity", pch=16 ) abline(severity.lm,lty=1) title(main="Graph of % Disease Severity vs Temperature") Should I use some kind of for loop and segments http://www.iiap.res.in/astrostat/School07/R/html/graphics/html/segments.html to do the perpendicular offsets? Is there a more efficient way? Please provide an example if possible.

    Read the article

  • CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Newbie: get access privilege

    - by Mellon
    I am newbie on Linux Ubuntu machine. I logged in to the Ubuntu with username: student. There are some directories only allowed root user to access, for example /var/lib/mysql ,(I know I can use sudo to access but it is not what I want). If I want to get the access privilege on those directories with student account, is it so that I can run the following command : chown student: PATH_TO_ROOT_USER_PRIVILEGED_DIR and after that, I can access that directory by using my own account ? am I right? If I am right, then will root user lose the access privilege because I changed it to student user? If I am wrong, please tell me the right solution. P.S. please don't concern on what I am going to do on /var/lib/mysql directory, that is only my example, as I mentioned above, I mean generally *for those directories which only have root privilege*, can I use chown to change access privilege and will root user then loose the access because of the change made by chown ? I just wanna know the effect of chown.

    Read the article

  • Ubuntu no longer prompts for root privilege (but doesn't give it either)

    - by Elad Avron
    So on 14.04 LTS I was playing around with some settings to solve another problem, and somehow managed to screw things up and now Ubuntu no longer asks for root privileges before trying to perform administrative actions. The catch is that my user does NOT have them by default, which means those actions ALL fail. I can still run "sudo " from terminal and it'll ask for my password and work fine, but any GUI that requires root just fails without asking anything. Any ideas what I did wrong and how to solve it? Thanks in advance.

    Read the article

  • BIOS interrupts, privilege levels and paging

    - by Jack
    Hi, I was learning about Intel 8086-80486 CPUs and their interactions with HW. But I still don´t understand it quite well. Please, help me fill blank spots. First, I know that CPU communicates with HW using BIOS interrupts. But, what really happens in PC, when I call some INT instruction? I know that according the interrupt table some instructions begin to execute, but how by executing some instructions can BIOS recognize what I want to do? Becouse as far as I know, CPU has no extra communication channel with BIOS, it can only adress memory and receive data. So how can I instruct BIOS to do something, when I can only address RAM? Next thing I don't understand is about privilege levels. I know about ring model, and access rights, but how does the CPU know which privilege level has executed an instruction? I think that these privileges apply only when intruction is trying to address memory, but how does an application get its privilege level? I mean I know its level 3, but how is it set? And last thing, I know that paging is address scheme that is used to support aplication-transparent virtual memory, or swapping, but I could not find any information about how paging is tied with protected mode. Like if paging is like next mode independent of protected mode, or its somehow implemented within protected mode. And if it is implemented in protected mode, isn´t it too slow, to first address application space, then offset, and then paging folder, page and offset once again?

    Read the article

  • Changing privilege rights on Arch Linux for a particular program

    - by sherrellbc
    I am quite new to linux and have had issues surrounding every program that I install. Basically, anything that is placed outside of my home directory requires a sudo call prior to opening/executing. I cannot write to files, open usb devices, or run programs that exist outside of this directory (specifically, above this directory). I know this is a privilege problem, but I come here to ask how this can be permanently stopped. How can I configure things such that when programs are installed I do not have to manually find the executable and change its privilege requirements?

    Read the article

  • Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    - by Alain O'Dea
    I have created a test user that is set to privilege 15 in the config: username test password **************** encrypted privilege 15 When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv: login as: test [email protected]'s password: Type help or '?' for a list of available commands. asa> sh curpriv Username : test Current privilege level : 1 Current Mode/s : P_UNPR Attempting enable fails even though I know I have the correct enable password: asa> en Password: ************************* Password: ************************* Password: ************************* Access denied. Logging in from unprivileged puts me on privilege 15 and I can do as a please: asa> login Username : test Pasword: ************************* asa> sh curpriv Current privilege level : 15 Current Mode/s : P_PRIV asa> The only thing I can track this to is a configuration change I made where I removed a VPN user we no longer needed. Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    Read the article

  • Giving Select Windows Domain Users Symbolic Link Privilege

    - by fp0n
    I would like to setup select users on our domain to have the ability to create symbolic links on local NTFS drives and network shares without needing to run as Administrator, as part of an application with will call the CreateSymbolicLink() API directly. The default configuration for our users is to be Administrator of their computer and I think I am fighting UAC to make the privileges work the way that I want because of that. I found this link on MSDN: http://social.msdn.microsoft.com/Forums/en-SG/windowssdk/thread/fa504848-a5ea-4e84-99b7-0eb4e469cbef which describes the interaction between the SeCreateSymbolicLinkPrivilege, UAC and a domain but really does not have a solution. Here's the three options I've come up with: 1) Create a new group, give the SeCreateSymbolicLinkPrivilege to the group and assign users to the group 2) Give each individual user (2 now, more later) the privilege 3) Give the privilege to the default User group which opens it up to all Users 4) Change config so Users are not Admins by default (probably would work but not likely) Based on my testing, only 3 works for me and that is the least desirable but I've only got a local server to test with, not a domain. I need to recommend to the admin how to set this up and also have something that we can easily explain to other users of our application that are on their own domain or not on a domain. The other option seems to be to create a Service that runs with a SYSTEM account that creates the links for the application but I'd rather not go that route. Thanks.

    Read the article

  • The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report]

    - by Asian Angel
    How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people. Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique. Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report. Note 2: The updates section at the bottom has some interesting tidbits concerning peoples’ use of dates and certain words for PIN number generation. The analysis makes for very interesting reading, so browse on over to get an idea of where you stand with regards to your personal PIN number choices. 8 Deadly Commands You Should Never Run on Linux 14 Special Google Searches That Show Instant Answers How To Create a Customized Windows 7 Installation Disc With Integrated Updates

    Read the article

  • least privilege account for WinRM remote calls on Windows 2008 Server

    - by aldrin
    ServerFault Windows experts: please consider the following use case: I have 2 Windows 2008 Server SP2 boxes let’s call them – SOURCE, CLIENT. On SOURCE: I create a new user called 'normal'. Just a plain user - no special privileges. On CLIENT: I run the following from a command prompt winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:normal -p:NormalPassword I get an output containing WSManFault: Message = Access is denied. On CLIENT: I repeat step 3 with the administrator identity, i.e. winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:Administrator -p:AdminPassword I get the current UTC time at SOURCE. The question is, what are the least privileges I need to assign to the user 'normal' to ensure that Step 3 behaves like Step 5. In other words, what's the least privilege to enable WinRM access for a non-Admin account?

    Read the article

  • Update RDS db via mysqlbinlog: "you need (at least one of) the SUPER privilege(s)"

    - by timoxley
    We are moving a production site to EC2/RDS Followed these instructions: http://geehwan.posterous.com/moving-a-production-mysql-database-to-amazon I have set up row-based binary logging on the production server did a: mysqldump --single-transaction --master-data=2 -C -q -u root -p backup.sql then imported to RDS instance. No dramas. Due to the size of the db, and minimal downtime requirements, I've got to update the ec2 db to the latest datas via the binlogs, and it won't let me. mysqlbinlog mysql-bin.000004 --start-position=360812488 | mysql -uroot -p -h and it says: ERROR 1227 (42000) at line 6: Access denied; you need (at least one of) the SUPER privilege(s) for this operation My guess, based on what is on line 6 of the binlog, is that it's the 'write to the BINLOG' statements in the SQL backup, and because RDS doesn't support this, it can't run these statements, or something, I don't really know. Please help.

    Read the article

  • Win 7 Privilege Level (Run as administrator) via GP or command line

    - by FinalizedFrustration
    Is there a way to set the Privilege Level for legacy software via group policy or on the command line? I have some legacy software, which we unfortunately cannot move away from. This software requires administrator access. I know I can go into the Properties dialog and check "Run this program as an administrator" on every single instance on every single one of my workstations, but that gets old after the 30th install. If I had my way, we would dump this software, find some software that did what we needed, was fully compliant with Win7 security best-practices and give everyone limited user accounts... However, I am not the boss, so everyone gets administrator accounts. Given that, I suppose I could just tell everyone to open the context menu and choose "Run as administrator", but we have some very, very, VERY low-tech users, and half of them might just choose "Delete" instead. Anyone know of a way to set this option on the command line? or better yet, through Group Policy?

    Read the article

  • Gnu/Linux package manager, multiple versions, no root privilege

    - by user744629
    I'm looking for a Gnu/Linux package manager, that can help to package, distribute, install sofware (actually scientific libraries), like this: do not required root privilege, for example, install in $HOME/opt or $HOME/local manage muliple version of a library, for example, with this directories organisation: $HOME/opt/somelib/4.2.1/lib/ $HOME/opt/somelib/4.2.1/include/ $HOME/opt/somelib/4.2.1/bin/ $HOME/opt/somelib/4.2.2/lib/ $HOME/opt/somelib/4.2.2/include/ $HOME/opt/somelib/4.2.2/bin/ $HOME/opt/anotherlib/1.0.0/lib/ $HOME/opt/anotherlib/1.0.0/include/ $HOME/opt/anotherlib/1.0.0/bin/ package contains source files, not binaries, build is performed during install. support for Mac OS X too would be good. Then it's up to the user to manage it's LD_LIBRARY_PATH, or compile with -L/good/path etc. Does it exists?

    Read the article

  • Windows Server 2008 Create Symbolic Link, updated Security Policy still gives privilege error

    - by Matt
    Windows Server 2008, RC2. I am trying to create a symbolic/soft link using the mklink command: mklink /D LinkName TargetDir e.g. c:\temp\>mklink /D foo bar This works fine if I run the command line as Administrator. However, I need it to work for regular users as well, because ultimately I need another program (executing as a user) to be able to do this. So, I updated the Local Security Policy via secpol.msc. Under "Local Policies" "User Rights Management" "Create symbolic links", I added "Users" to the security setting. I rebooted the machine. It still didn't work. So I added "Everyone" to the policy. Rebooted. And STILL it didn't work. What on earth am I doing wrong here? I think my user is even an Administrator on this box, and running plain command line even with this updated policy in place still gives me: You do not have sufficient privilege to perform this operation.

    Read the article

  • Striving to be boring - or at least have boring systems

    - by merrillaldrich
    A developer I work with, whom I respect a great deal, reminded me of this truism today. I'm not sure who came up with the original, but they deserve credit wherever they are: “A good system administrator is a bored system administrator.” As a DBA, this really rings true for me. Being a DBA should not be a thrilling job. Within reason, there should not be myriad surprises, nor a roller coaster ride, wondering what will break each day. There should not be numerous 2 AM calls or frantic fixes. If there...(read more)

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >