Search Results

Search found 1434 results on 58 pages for 'dr bdo adams'.

Page 12/58 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >

  • Block IP Address including ICMP using UFW

    - by dr jimbob
    I prefer ufw to iptables for configuring my software firewall. After reading about this vulnerability also on askubuntu, I decided to block the fixed IP of the control server: 212.7.208.65. I don't think I'm vulnerable to this particular worm (and understand the IP could easily change), but wanted to answer this particular comment about how you would configure a firewall to block it. I planned on using: # sudo ufw deny to 212.7.208.65 # sudo ufw deny from 212.7.208.65 However as a test that the rules were working, I tried pinging after I setup the rules and saw that my default ufw settings let ICMP through even from an IP address set to REJECT or DENY. # ping 212.7.208.65 PING 212.7.208.65 (212.7.208.65) 56(84) bytes of data. 64 bytes from 212.7.208.65: icmp_seq=1 ttl=52 time=79.6 ms ^C --- 212.7.208.65 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 79.630/79.630/79.630/0.000 ms Now, I'm worried that my ICMP settings are too generous (conceivably this or a future worm could setup an ICMP tunnel to bypass my firewall rules). I believe this is the relevant part of my iptables rules is given below (and even though grep doesn't show it; the rules are associated with the chains shown): # sudo iptables -L -n | grep -E '(INPUT|user-input|before-input|icmp |212.7.208.65)' Chain INPUT (policy DROP) ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0 Chain ufw-before-input (1 references) ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0 Chain ufw-user-input (1 references) DROP all -- 0.0.0.0/0 212.7.208.65 DROP all -- 212.7.208.65 0.0.0.0/0 How should I go about making it so ufw blocks ICMP when I specifically attempt to block an IP address? My /etc/ufw/before.rules has in part: # ok icmp codes -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT I'm tried changing ACCEPT above to ufw-user-input: # ok icmp codes -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ufw-user-input -A ufw-before-input -p icmp --icmp-type source-quench -j ufw-user-input -A ufw-before-input -p icmp --icmp-type time-exceeded -j ufw-user-input -A ufw-before-input -p icmp --icmp-type parameter-problem -j ufw-user-input -A ufw-before-input -p icmp --icmp-type echo-request -j ufw-user-input But ufw wouldn't restart after that. I'm not sure why (still troubleshooting) and also not sure if this is sensible? Will there be any negative effects (besides forcing the software firewall to force ICMP through a few more rules)?

    Read the article

  • Does multiple files in SQL Server when using RAID help reduce conflicts in growth and file-locking?

    - by Dr Giles M
    I've been reading around and get the impression that if you are using RAID then using multiple SQL Server files within a filegroup won't yeild any more improvements, and the benefits are purely administrative (if you started to run out of space or wanted to partition off data into managable chunks for backups/balancing the data around your big server room). However, being a reasonably savvy software person, it's not unthinkable to hypothesise that, even for smaller databases that SQL Server will perform growth and locking operations (for writes) on a LOGICAL file basis, so even if you are using RAID, it seems to make sense to have multiple files in a file group to balance I/O, or does the time taken to reconstruct the data from distributed filegroups outweigh the benefits of reduced locking? I'm also aware that the behaviour and benefits may be different for tables/indeces/log. Is there a good site that distinguishes the benefits of multiple files when RAID is already in place?

    Read the article

  • Apache Directive for Allow From

    - by Dr. DOT
    I want to button down write access on a particular file using the Allow form directive in my httpd.conf file. I have a PHP script that I want to be the only resource that can write to this file. Is there a variation of the Allow from that I can define to make this happen?

    Read the article

  • What resources are best for staying current about information security?

    - by dr.pooter
    What types of sites do you visit, on a regular basis, to stay current on information security issues? Some examples from my list include: http://isc.sans.org/ http://www.kaspersky.com/viruswatch3 http://www.schneier.com/blog/ http://blog.fireeye.com/research/ As well as following the security heavyweights on twitter. I'm curious to hear what resources you recommend for daily monitoring. Anything specific to particular operating systems or other software. Are mailing lists still considered valuable. My goal would be to trim the cruft of all the things I'm currently subscribed to and focus on the essentials.

    Read the article

  • Search for partial IP address using Windows Search?

    - by Dr. Dre
    I have a folder, c:\projects\, added to Windows Index. I know the indexing is working because I search for stuff in this folder all the time and the results come up very fast, and I've never noticed any accuracy problem until now. (I have had to tweak Indexing options to expand which file types have their contents indexed rather than just the file name, etc, but after that Search has worked pretty well for me). I've encountered a problem while trying to search for references to a particular IP address subnet. I'm trying to find all references to IP's with the pattern "192.168.220.xxx" (AKA, the 192.168.220.0/24, AKA 192.168.220.0/255.255.255.0 IP/netmask). Within Windows Explorer: c:\projects**.* is indexed c:\projects\work\project1\network_list.txt contains several "192.168.220.xxx" IP's Indexing status says all items are indexed (193,000 items). When I try to search for partial IP match, there are no search results. Tried searching for: 192.168.220, 192.168, 192.168.220., 192.168.220., 192.168.220.?, 192.168.220.??, 192.168.220.???, 192.168., 192.168.. Also tried variants of all the above surrounded with double quotes. All the searches returned 0 results. Within MS Outlook 2007: My mailbox, and all my offline .pst's are indexed. I search in Outlook pretty frequently, so I'm pretty sure indexed searches work across inbox and all .pst's. Indexing status in Outlook says all items are indexed. I also have references to these IP's in email, and I'd like to find all of them. Basically same deal as above, can't search for "192.168.220.xxx" IP's. Any way to fix this?

    Read the article

  • What software can I use to pinpoint why Windows Server 2003 takes 15 seconds for any operation?

    - by Dr. Zim
    Ram is about 1/2 in use, four CPUs are all but idle. I tried "Microsoft Server Performance Advisor" with no luck. No entries in the Event Log for hardware failures, etc. And yet I can click on the start menu and wait 15 seconds for any new attempt. Launching software takes 30 seconds to respond. The server has an 8 drive WD RE 250 gig each Dell Perc 6 Sata raid array with Intel gigabit network cards. Anyone have any software titles that could analyze what is going wrong with this server?

    Read the article

  • Is a dedicated server similar in setup to a VPS?

    - by Dr Hydralisk
    I was thinking about getting a dedicated server (I may need the extra power that a VPS can't provide) from The Planet but I don't know to much about how you would operate one. I have experience in setting up multiple VPS's on Linode and Slicehost, I just select my OS in their CP and connect via SSH in putty and do my thing. Is it the same with dedicated servers (just chose you OS from the CP and connect via SSH and put on whatever crap you want)?

    Read the article

  • ldap sync with outlook

    - by Dr Casper Black
    Hi, I have a task to research the possibilities of LDAP as a centralized Address Book. I have setup a openLDAP on debian 5.07. I managed to search the LDAP contacts from MS Outlook 2007 (with some drawbacks like Outlook cant recognize street and organization fields). My question is, is it possible ,& how, to sync data on LDAP server with applications that support LDAP? I could not find any data on this topic.

    Read the article

  • Best and Proper Permissions Settings for Directory

    - by Dr. DOT
    I am interested in knowing the proper, yet security-conscious settings for a directory. Here's my scenario: I have a username for FTP access to my server called "user". For the purpose of the scenario, PHP runs as "nobody" on my server. I have a directory off the document root called "sample". The "sample" directory is chmod'd at 0755 (drwxr-xr-x) "Sample" is owned by "user" and the group is set to "user" The above is all very straight forward and standard. So I want to have a script be able to create (mkdir) and delete (rmdir) directories under "sample". Yet, I don't want to obviously overly expose my server by opening up the permissions (I could easily chmod sample to 0777 and make it world write-able). What is the best combination of permissions, owner settings and/or group settings to allow my script to create and delete directories under "sample" while retaining the ability for "user" to continue to FTP into the directory? Thanks.

    Read the article

  • Two parts: linux startup script to connect to bluetooth and cron to keep it connected

    - by D.R.
    I have a mini bluetooth keyboard and a Raspberry Pi running a Debian-based distro. I know the MAC address of the keyboard but for this question, let's just use AA:BB:CC:DD:EE:FF. Right now I have to have a wired keyboard connected as well as my bluetooth dongle for the mini-keyboard and on the wired keyboard, I have to run the following when the device boots up: sudo hidd --connect AA:BB:CC:DD:EE:FF If the device goes idle for too long, then the bluetooth disconnects and I have to pull out my wired keyboard and retype that same command. What I'm looking for it a way to have that command run at startup and a way to sense if it gets disconnected so that it will auto reconnect. The annoying thing is that they keyboard has to be in pairing mode (even though it has already been paired) when I run that command, otherwise it tells me the host is down. So perhaps the script needs to prevent it from disconnecting due to inactivity, otherwise I'll have to put it back in pairing mode to reconnect. So to recap: - A script to connect at startup (I can make sure to put the keyboard into pairing mode before turning it on) - A script to prevent it from disconnecting (maybe some sort of signal to send to it every 60 seconds or something?) Any help with this is greatly appreciated! StackOverflow is always the best place to find answers to weird questions! I've been searching long and hard for an answer, but finally had to resort to coming here! Thanks!

    Read the article

  • RHEL 5.2 installing on ProLiant BL460c - hangs at 'now booting the kernel'

    - by Dr Rocket Mr Socket
    As the title states, I have a problem. This server and the installation disc are also on the other side of the world to me so... So far, I have tried to start the install with the parameters: linux text noapic noacpi no=apic no=acpi which results in the same hang. I have also disabled a PCI ethernet adapter, I am uneasy about disabling the onboard ethernet adapter I do not know if ILO uses this. Anyone have any advice? Much appreciated. EDIT: full output after trying to begin the installation. boot: linux text Loading initrd.img.................. Loading vmlinuz....... Uncompressing Linux...done. Now booting the kernel stays on this for hours EDIT2: adding the 'mem=40960M' (server has 40 gigs of ram) parameter allows it to proceed but the following output directly after 'Now booting the kernal' Memory: sized by int13 0e801h initrd extends beyond end of memory (0x00ef2090 > 0x00000000) disabling initrd Console: 16 point font, 400 scans Console: colour VGA+ 80x25, 1 virtual console (max 63) pcibios_init : BIOS32 Service Directory Structure at 0x000ffee0 pcibios_init : BIOS32 Service Directory entry at 0xf0000

    Read the article

  • SVN: Error validating server certificate for svn hook linux

    - by Dr Casper Black
    Hi, I managed to setup a SVN (over SSL) server and TortoiseSVN client on Win. I made a Post-Commit Hook for test project. The Post-Commit will update the web dir so the App in PHP can be executed with the newest version. It all works when done over shell. The only problem is, when i commit the changes over the client in Win the change is commited but HOOK throws error post-commit hook failed (exit code 1) with output: Error validating server certificate for 'https://SERVER_IP:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! - The certificate hostname does not match. Certificate information: - Hostname: DEVSRVR - Valid: from Fri, 28 Jan 2011 09:22:45 GMT until Sat, 28 Jan 2012 09:22:45 GMT - Issuer: PHP, SS, SS, SRB - Fingerprint: 5f:d0:50:d6:dd:a6:d4:64:a5:ac:3a:4b:7c:7d:33:e3:75:dd:23:9f (R)eject, accept (t)emporarily or accept (p)ermanently? svn: OPTIONS of 'https://SERVER_IP/svn/myproject/trunk': Server certificate verification failed: certificate issued for a different hostname, issuer is not trusted (https://SERVER_IP)

    Read the article

  • Wordpress multisite and redirect

    - by Dr I
    I come to you because I'm facing a really strange effect on my hosting. I currently manage a server contening a NGINX/PHP-CGI and a wordpress multisite in it. My sites are created using subsite.domaine.tld, for now, my three subsites are correctly accessibles through the url: subsite.domain.tld. My goal is to allow my subsite on the host domain to be access through their respective unique domain. For exemple: www.domainA.com would redirect to subsite1.host.domain.tld. If I do that using the following setting on the domainA Public DNS: www 10800 IN CNAME subsite1.host.domain.tld. When I try to access www.domainA.com I don't go to subsite1.host.domain.tld but instead I'm redirect to the Wordpress ROOT site where I create my Network (host.domain.tld). Is there a trick to deal with?

    Read the article

  • ldap sync with outlook

    - by Dr Casper Black
    I have a task to research the possibilities of LDAP as a centralized Address Book. I have setup a openLDAP on debian 5.07. I managed to search the LDAP contacts from MS Outlook 2007 (with some drawbacks like Outlook cant recognize street and organization fields). My question is, is it possible ,& how, to sync data on LDAP server with applications that support LDAP? I could not find any data on this topic. EDIT: The point is, to have a centralized list of contacts that can be sync with various applications, for instance Outlook, Thunderbird, Phonebook on mobile phones...etc The Question is, Is it possible to transfer (update) data on a client application from LDAP database and viceversa? So not to search LDAP server data, but to download contact that are not available in the client application (Outlook) and upload data to LDAP if the contact is in (Outlook) and not in LDAP database and the other way around, in other words synchronize.

    Read the article

  • How to delete a file with a space at end of the name and hidden attributes?

    - by Dr. Zim
    We have a hidden file with a space at the end of the file name. Usually, I take ownership of the file, then use a command line rename with the 8.3 (dir/x) file name. However, rename doesn't acknowledge hidden or system files. Any ideas on how to remove it? The original creator cannot access the file. The system is a Windows 2003 server with NTFS and SMB file sharing (normal windows file sharing).

    Read the article

  • Secure Apache Virtual Hosts?

    - by Dr Hydralisk
    I am going to host a few small sites on VPS, and each of them are going to run my own custom PHP scripts. I am fairly certain that they are secure (did everything in the book, plus some of which is not in the book) to make sure they can't be exploited. But just to be safe I want to know how I could secure each of the virtual hosts so that they can't escape from there virtual host (if a hacker uploaded a shell they could not go above the www folder a legitimate user can't do in ftp no matter how many times they click ..) folder on Debian and Apache.

    Read the article

  • Is there a test to see if hardware virtualization (vmx / svm) are presently enabled within a Linux session?

    - by Dr. Edward Morbius
    I'm writing procedures for configuring VirtualBox support for 64-bit SMP guests, which requires hardware virtualization suppot (VTx/Intel, AMD-V/AMD). I have successfully configured this myself, however I'd like the procedure to be clear. sed -ne '/^flags/s/^.*: //p' /proc/cpuinfo | egrep -q '(vmx|svm)' && echo Has hardware virt || echo No HW virt ... shows if the CPU is capable. I've still got to go enable the feature in BIOS. Any way to test from within Linux to see that this is no or not? Thanks. (Edit: s/xvm/svm/ in title)

    Read the article

  • pam auth via winbind, howto map primary group for users?

    - by dr gonzo
    I have unix users authenticating to an PDC (via winbind) and want to have the primary group of those users a local unix group (e.g. www-data). users have the group "domain users" with gid 10006 (as the gid winbind mapping) idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum groups = yes winbind enum users = yes winbind use default domain = yes winbind nested groups = yes but want that the primary group is 33 for all users (www-data) how to achieve that?

    Read the article

  • listing of VM's created before libvirt installation or started by any other VM management tool

    - by Dr. Death
    if my VM's are not created using virt-manager or are created using any other tool, then virsh system list command does not give them in the list of running VM's however they are running perfectly on my KVM server. Is there a way to list these VM's in my system list anyhow? I have VM's managed by GKVM, AQEMU, libvirt etc. also some of the user start their VM's using the qemu command as follows: kvm "image name" -m "memory". this starts the VM and allow them to work perfectly. but I am not able to list all these VM's using the virsh system list command.

    Read the article

  • OpenLDAP ACLs are not working

    - by Dr I
    First things first, I'm currently working with an OpenLDAP: slapd 2.4.36 on a Fedora release 19 (Schrödinger’s Cat). I've just install the openldap with yum and my configuration is the following one: ##### OpenLDAP Default configuration ##### # ##### OpenLDAP CORE CONFIGURATION ##### include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema pidfile /var/lib/ldap/slapd.pid loglevel trace ##### Default Schema ##### database mdb directory /var/lib/ldap/ maxsize 1073741824 suffix "dc=domain,dc=tld" rootdn "cn=root,dc=domain,dc=tld" rootpw {SSHA}SECRETP@SSWORD ##### Default ACL ##### access to attrs=userpassword by self write by group.exact="cn=administrators,ou=builtin,ou=groups,dc=domain,dc=tld" write by anonymous auth by * none I launch my OpenLDAP service using: /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// -f /etc/openldap/slapd.conf As you can see it's a pretty simple ACL which aim to allow access to the userPassword attribute to a specific group read only, then to the owner read and write to anonymous requiring auth and refuse the access to everyone else. The problem is: Even using a valid user with correct password my ldapsearch ends with zero informations retrieved from the directory, plus I've got a strange response on the result line. # search result search: 2 result: 32 No such object # numResponses: 1 here is the ldapsearch request: ldapsearch -H ldap.domain.tld -W -b dc=domain,dc=tld -s sub -D cn=user,ou=service,ou=employees,ou=users,dc=domain,dc=tld I did not specify any filter as I want to check that ldapsearch is correctly printing only allowed attribute.

    Read the article

  • Does my Oracle DBA need root access?

    - by Dr I
    I'm currently discussing with my Oracle DBA Collegue that request a root access on our production servers. I'm not so hot to let him use the root access on our production servers. He is arguing that he need it to perform some operations like restarting the server and some other obscure arguments. The point is that I'm not agree with him because I've set him a Oracle user/group and a dba group where Oracle user belong. Everything is running smoothy and without any root permissions for now. I also think that all administrative tasks like scheduled server restart and so one need to be operated by the proper administrator (The Systems administrator on our case) to avoid any kind of issues related to a misunderstanding of the infrastructure interactions. So, I need the help of both, sysadmins and Oracle DBAs to lead me on the correct direction. If my collegue really need this rights I'll give him, but I'm just basically quite affraid of that because of security and integrity concerns. I know that my collegue is really good as a Oracle DBA and he know is work very well, but I also know that I've very few cases where a software and its admin really need root access. Once again, I'm not looking for pros/cons but rather an advice on the way that I should take to deal with this situation.

    Read the article

  • Struggling with proper way to setup Permissions on Linux/Apache Web Server

    - by Dr. DOT
    Your expert experience and assistance is great, greatly appreciated here. I have been running a LAMP server for a long time, yet I still struggle with the best way to set file & directory permissions for FTP and WWW protocol activity. My Control panel is WHM/cPanel (not that it makes a difference), and out-of-the box: files are owned by the user account setup in WHM (eg, "abc") files have a group setting of "abc" as well file permissions are created with 644 directories are owned by "abc" directories have a group setting of "abc" directories permissions are created with 0755 Again, these are the default permission settings. Now everything is fine with FTP activity, but please advise me if any of these file/directory settings create issues, especially with security. Here's where my struggle comes into play. I have PHP apps that allow a visitor to create, edit, rename, delete, etc. sub-directories and files in certain selected directories. PHP runs as "nobody" on my server. So in order to get my PHP/Web apps to work, I have had to: chown nobody * chgrp nobody * chmod 0777 * to everything in these certain & selected sub-directories. I know this is probably a huge security whole (so don't ask me for any links :) but how should I set all the permissions to allow my FTP user to do his thing while allowing the PHP apps to do their thing will also "minimizing" any security risks and exposures? I know that big CMS systems like Drupal, Joomla, WordPress and so on, handle this. Thanks ahead of time for reading through this and offering your expert advice!

    Read the article

  • Upgrading from php 5.3 to php 5.4 with Macport

    - by dr.stonyhills
    PHP5.4 has been available for sometime now and Macport recently caught up with the release of port php54 but the process of upgrading is not as clear as possible. Even worst for those who are new to maintaining multiple versions of PHP on the same machine. I am keen on trying out some of the new features in PHP5.4 like traits, new array form etc but falling back on to php5.3 for other compatibility stuff. So i sudo port install php5+ (all the variants, apache2 etc) Then i tell it what PHP port to use as default sudo port select --set php php54 Check what version of PHP is active in the terminal using php -v outputs php 5.4.3. But i seem to be having issues with choosing the right non cli version as in the version of the module run by apache etc is still php5.3.12. Do i have to change the reference to the libphp5 in apache httpd.conf? Any advice on the right workflow for switching between php version on macport greatly appreciated!

    Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >