Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 252/1233 | < Previous Page | 248 249 250 251 252 253 254 255 256 257 258 259  | Next Page >

  • How to chroot Apache on CentOS?

    - by Jonathan Meyer
    I have been advised by a sysadmin, to run Apache in a chroot jail, in order to prevent that an attacker could take control of server. So my question is: What is the best method to chroot Apache/2.2.3 in RHEL/CentOS 5?, i only use the default modules that comes with Apache like mod_php and also mod_security. I heard of mod_security SecChrootDir but i don't know if it would be suitable for my config, it says that it's recommended only for static file serving in the documentation. Thank you!

    Read the article

  • Preventing access to files if a user types the full url on the address bar

    - by bogha
    i have a website, some folders on the websites contains images and files like .pdf , .doc and .docx . the user can easly just type the address in the url to get the file or display the photo http://site/folder1/img/pic1.jpg then boom.. he can see the image or just download the file my question is: how to prevent this kind of action, how can i guarantee a secure access of the files. any suggestions UPDATE TO CLARIFY MY IDEA i don't want any user who is browsing the website to get access to these files normally by just writing the URL of the file. those files are a CV files, they are being uploaded by the users to a specific folder on the server which we host outside the company. those files are only being viewed by the HR people through a special system. that's the scenario we want. i don't want a WEB GEEK who just wants to see what files has been uploaded to this folder to download them easly to his/her computer and view them or publish them on the internet. i hope you got my idea

    Read the article

  • Problem with testsaslauthd and kerberos5 ("saslauthd internal error")

    - by danorton
    The error message “saslauthd internal error” seems like a catch-all for saslauthd, so I’m not sure if it’s a red herring, but here’s the brief description of my problem: This Kerberos command works fine: $ echo getprivs | kadmin -p username -w password Authenticating as principal username with password. kadmin: getprivs current privileges: GET ADD MODIFY DELETE But this SASL test command fails: $ testsaslauthd -u username -p password 0: NO "authentication failed" saslauthd works fine with "-a sasldb", but the above is with "-a kerberos5" This is the most detail I seem to be able to get from saslauthd: saslauthd[]: auth_krb5: krb5_get_init_creds_password: -1765328353 saslauthd[]: do_auth : auth failure: [user=username] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error] Kerberos seems happy: krb5kdc[](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1298779891, etypes {rep=18 tkt=18 ses=18}, username at REALM for krbtgt/DOMAIN at REALM I’m running Ubuntu 10.04 (lucid) with the latest updates, namely: Kerberos 5 release 1.8.1 saslauthd 2.1.23 Thanks for any clues.

    Read the article

  • Looking for a USB Thumbdrive / Flash drive encryption solution (not TrueCrypt)

    - by Max888
    I am looking for a USB Thumbdrive / Flash drive encryption solution. I have searched the net but I have never come accross a solution which meets the following: Must handle at least 4GB volume If possible, fully portable (no install required required) Does not require admin rights in order to access/write encrypted files on the flash drive Does not corrupt data should the flash drive is removed from a USB port and the data is in a 'unencrypted' status Data is automatically encrypted if the flash drive is removed from a USB port and the data is in a 'unencrypted' status Portable apps must be able to run from the 'unencrypted' volume (in non-admin mode) PLEASE do not mention TrueCrypt as I am not considering (especially for wish list #3) Many thanks! Update 5th October 2009: Still unresolved.

    Read the article

  • Novell eDirectory—How can I aggregate account lockout events?

    - by bshacklett
    I'm seeing an account become locked out pretty frequently and I wanted to pull an aggregated log together of all of the lockout events so I could get a better idea of what times it's occurring. Normally I'd do this with EventCombMT.exe, but I'm in a Novell environment at the moment. Is there a Novell equivalent to Microsoft's ALTools or another diagnostic utility I could use to help aggregate lockout events into an easy to read log file?

    Read the article

  • Why does my Belkin wireless router has eMule port open?

    - by Jeremy Powell
    I have a Belkin F6D4230-4 v1 router. When I port scan it with nmap I get the following: $ sudo nmap -sS -A -T5 192.168.2.1 -p- Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-17 11:40 CDT Interesting ports on 192.168.2.1: Not shown: 65532 closed ports PORT STATE SERVICE VERSION 80/tcp open http Belkin 2307 wifi router http config (IP_SHARER httpd 1.0) |_ html-title: '+i1+' 4661/tcp filtered unknown 4662/tcp filtered edonkey MAC Address: 00:22:75:5D:52:D8 (Belkin International) Device type: WAP|broadband router|firewall|printer|specialized|webcam Running (JUST GUESSING) : Linksys embedded (95%), TRENDnet embedded (95%), Netgear embedded (92%), Canon embedded (89%), On Time RTOS (89%), Symantec embedded (89%), D-Link embedded (86%), Polycom embedded (85%) Aggressive OS guesses: Linksys WRT54GC or TRENDnet TEW-431BRP wireless broadband router (95%), TRENDnet TW100-BRF114 broadband router (95%), Netgear FR114P ProSafe VPN firewall (92%), Canon PIXMA MX850 printer (89%), On Time RTOS (89%), Symantec Firewall/VPN 100 (89%), D-Link DI-714P+ wireless broadband router (86%), Polycom ViewStation video conferencing system (85%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop Service Info: Device: WAP OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 21.57 seconds Why are the 4461 and 4462 ports open? This is a basic, out-of-the-box installation.

    Read the article

  • mdadm+zfs vs mdadm+lvm

    - by Alex
    This may be a naive question since I'm new to this and I cannot find any results about mdadm+zfs, but after some testing it seems it might work: The use case is a server with RAID6 for some data that is backed-up somewhat infrequently. I think I'm well served by any of ZFS or RAID6. Platform is Linux. Performance is secondary. So the two setups I am considering are: A RAID6 array plus regular LVM and ext4 A RAID6 array plus ZFS (without redundancy). Is this second option that I don't see discussed at all. Why ZFS+RAID6? It's mainly because the inability of ZFS to grow a raidz2 with new disks. You can replace disks with larger ones, I know, but not add another disk. You can accomplish 2-disk redundancy and ZFS disk growth using mdadm as the redundancy layer. Besides that main point (otherwise I could go directly to raidz2 without RAID under it), these are the pros-cons that I see for each option: ZFS has snapshots without preallocated space. LVM requires preallocation (might be no longer true). ZFS has checksumming (very interested in this) and compression (nice bonus). LVM has online filesystem growth (ZFS can do it offline with export/mdadm --grow/import). LVM has encryption (ZFS-on-Linux has not). This is the only major con of this combo I see. I guess I could go RAID6+LVM+ZFS... seems too heavy, or not? So, to close with a proper question: 1) Is there anything that inherently discourages or precludes RAID6+ZFS? Anyone has experience with a setup like this? 2) Are there possibilities for checksumming and compression that would make ZFS unnecessary (maintaining the possibility of filesystem growth)? Because the RAID6+LVM combo seems the sanctioned, tested way.

    Read the article

  • Snort network instruction Mac OS X

    - by Rasatavohary
    I'm trying to learn network intrusion detection. When I try to launch Snort, in IDS mode, I get this message (I'm running Mac OS X): Initializing Network Interface en1 ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: snort Fatal Error, Quitting.. How can I fix this problem?

    Read the article

  • linux passwords in configuration files

    - by user33124
    Some programs on linux that use configuration files, want me to enter my password in plain text in one of their configuration files. For example newsbeauter, the rss reader wants me to enter my google account password in a ~/.newsbeauter/config if I want to read google reader feeds. Mutt also sort of wants a password in a text file, but gives an option of entering it on every login. Is there any secure workaround to storing a password in a config file like that (eg for newsbeauter)? I was thinking of running the app as root, but that doesn't seem right. Or somehow creating and deleting the file everytime I use the app. Any ideas?

    Read the article

  • how to protect telnet access to smtp port 25?

    - by Michael Mao
    Hi all: Please consider the following: 192-168-1-106:~ michael$ telnet <remote_server_ip> 25 Trying <remote_server_ip>... Connected to li*****.linode.com. Escape character is '^]'. 220 mindinscription.net ESMTP Postfix (Ubuntu) quit 221 2.0.0 Bye Connection closed by foreign host. Is this very bad? how to protect port 25 from malicious attackers? I've already set up a firewall, but not very sure what to do in this case. Basically I'd like to use this server to only send emails as alert messages, not receiving any external emails. Many thanks to the help in advance.

    Read the article

  • How to remove strict RSA key checking in SSH and what's the problem here?

    - by setatakahashi
    I have a Linux server that whenever I connect it shows me the message that changed the SSH host key: $ ssh root@host1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 93:a2:1b:1c:5f:3e:68:47:bf:79:56:52:f0:ec:03:6b. Please contact your system administrator. Add correct host key in /home/emerson/.ssh/known_hosts to get rid of this message. Offending key in /home/emerson/.ssh/known_hosts:377 RSA host key for host1 has changed and you have requested strict checking. Host key verification failed. It keeps me for a very few seconds logged in and then it closes the connection. host1:~/.ssh # Read from remote host host1: Connection reset by peer Connection to host1 closed. Does anyone know what's happening and what I could do to solve this problem?

    Read the article

  • Solr error; JNDI not configured for solr; Anybody know what this means?

    - by Camran
    I am installing solr on my VPS (Ubuntu 9.10) via PuTTY. First, I thought about installing Solr with Tomcat, but then after installing tomcat, I changed my mind and went for the Jetty which comes with Solr. Now that I have setup everything on my Server, and try to start the "start.jar" file, I get some errors... Here is some text from the log file: 2010-05-29 00:22:42.074::INFO: jetty-6.1.3 2010-05-29 00:22:42.134::INFO: Extract jar:file:/var/www/webapps/solr.war!/ to /var/www/work/Jetty_0_0_0_0_8983_solr.war__solr__k1kf17/webapp May 29, 2010 12:22:42 AM org.apache.solr.core.SolrResourceLoader locateSolrHome INFO: JNDI not configured for solr (NoInitialContextEx) May 29, 2010 12:22:42 AM org.apache.solr.core.SolrResourceLoader locateSolrHome INFO: solr home defaulted to 'solr/' (could not find system property or JNDI) May 29, 2010 12:22:42 AM org.apache.solr.core.SolrResourceLoader <init> INFO: Solr home set to 'solr/' May 29, 2010 12:22:42 AM org.apache.solr.servlet.SolrDispatchFilter init INFO: SolrDispatchFilter.init() May 29, 2010 12:22:42 AM org.apache.solr.core.SolrResourceLoader locateSolrHome INFO: JNDI not configured for solr (NoInitialContextEx) May 29, 2010 12:22:42 AM org.apache.solr.core.SolrResourceLoader locateSolrHome INFO: solr home defaulted to 'solr/' (could not find system property or JNDI) May 29, 2010 12:22:42 AM org.apache.solr.core.CoreContainer$Initializer initialize INFO: looking for solr.xml: /var/www/solr/solr.xml May 29, 2010 12:22:42 AM org.apache.solr.core.SolrResourceLoader <init> INFO: Solr home set to 'solr/' Anybody know what this is? Thanks

    Read the article

  • Isolating VMware virtual machines from the network

    - by jetboy
    I have: VMware Workstation 7 running on a Windows 7 box (with a single NIC), with multiple virtual machines running a range of OSs. The host box is connected to a WRT54G router running Tomato firmware. The router is acting as a wireless bridge to another WRT54G that's wired to my broadband modem. I can access the VMs externally via VNC using VMware's Remote Display. Over time I've had these running: a. Using NAT networking (single IP) with port forwarding on the router and a custom port in VMware for each VM. b. Using bridged networking with static IPs assigned to each VM via MAC address, and port forwarding on the router to each IP running with standard ports. Either way, the host box, and other physical machines on the network are accessible from the VMs. Is there a way to isolate the VMs from the rest of the network, but still maintain internet access and remote VNC to the VMs?

    Read the article

  • TicTac Photo and Windows 7

    - by Ben
    Hello, My wife has been creating a tictac photo album. I had to upgrade to windows 7 as i had enough of Vista so i backed up the tic tac photo file and the photos to an external hard disk and performed a fresh install of win7. Now here is the problem. TicTacPhoto says it can find the photos in the album. The locations were as follows: Vista: C:\Users\Kelly\Pictures Win 7 C:\Users\Kelly\My Pictures When i try to create a Pictures folder under Kelly it popups a message about merging the two folders and simply moves the pictures to the My Pictures folder. Does anyone know a way to make a foler called pictures so i can eliminate the file path problem and then try again with tic tac photo support to get them to fix my file. My wife is going to kill me as its our wedding album and she has spent upwards of 30hrs designing it and me upgrading to win 7 means its all my fault. She does not understand file paths etc. Im going to try and open the album file in a text editor and see if i can see anything but thought i would ask here as well. Any help appreciated.

    Read the article

  • How can I provide secure web content to mobile devices that can't access an intranet?

    - by evanmcd
    I'm working with a client on development web content for their intranet. We want users to be able to access a version of the content on their mobile devices, but most of them don't have the VPN capability to get on to their intranet. I'm wondering if anyone has had experience with this and can recommend a solution. One other thing to consider is that the content is not mission critically secure. If someone outside the company gained access to it, it would not represent a major issue, only a minor annoyance. Thanks for any advice.

    Read the article

  • How to securely generate memorable passwords?

    - by Tim
    Whenever I need new passwords I use some tools to generate those, preferable memorable passwords, but I've been wondering how secure this might actually be. Using The xkcd random number generator is probably pretty bad, cat /dev/random is probably pretty good, but generating memorable passwords seems a bit more tricky. Whenever a program generates a memorable password, it only uses a subset of the total password space available, and it is not clear to me how big this space is. Of course a long password should help in this case, but if the `memorable' part of the program is too predictable, your passwords are not very good in the end. TL;DR: how secure are memorable password generators, given the fact that `memorable' passwords are a subset of total password space? Some tools I know of: pwgen -- seems ok, but passwords are not too memorable Mac Password Assistant - generates memorable passwords but it is unclear to me how this works.

    Read the article

  • How do I grant a database role execute permissions on a schema? What am I doing wrong?

    - by Lewray
    I am using SQL Server 2008 Express edition. I have created a Login , User, Role and Schema. I have mapped the user to the login, and assigned the role to the user. The schema contains a number of tables and stored procedures. I would like the Role to have execute permissions on the entire schema. I have tried granting execute permission through management studio and through entering the command in a query window. GRANT EXEC ON SCHEMA::schema_name TO role_name But When I connect to the database using SQL management studio (as the login I have created) firstly I cannot see the stored procedures, but more importantly I get a permission denied error when attempting to run them. The stored procedure in question does nothing except select data from a table within the same schema. I have tried creating the stored procedure with and without the line: WITH EXECUTE AS OWNER This doesn't make any difference. I suspect that I have made an error when creating my schema, or there is an ownership issue somewhere, but I am really struggling to get something working. The only way I have successfully managed to execute the stored procedures is by granting control permissions to the role as well as execute, but I don't believe this is the correct, secure way to proceed. Any suggestions/comments would be really appreciated. Thanks.

    Read the article

  • Apache error_log showing which command output

    - by Unai Rodriguez
    Apache's error_log shows lines like the following: --- snip --- which: no ruby in (/sbin:/usr/sbin:/bin:/usr/bin) which: no locate in (/sbin:/usr/sbin:/bin:/usr/bin) which: no suidperl in (/sbin:/usr/sbin:/bin:/usr/bin) which: no get in (/sbin:/usr/sbin:/bin:/usr/bin) which: no fetch in (/sbin:/usr/sbin:/bin:/usr/bin) which: no links in (/sbin:/usr/sbin:/bin:/usr/bin) which: no lynx in (/sbin:/usr/sbin:/bin:/usr/bin) which: no lwp-mirror in (/sbin:/usr/sbin:/bin:/usr/bin) which: no lwp-download in (/sbin:/usr/sbin:/bin:/usr/bin) which: no kav in (/sbin:/usr/sbin:/bin:/usr/bin) --- end --- The architecture is: Internet - Load Balancer - Varnish - Apache There are several web servers behind the load balancer and I have checked at least one of them with rkhunter (link) and couldn't find anything suspicious. Versions: CentOS 5.7 Varnish 2.1.5 Apache 2.2.3 PHP 5.2.17 Does this mean that someone has executed the command which through Apache? How can that happen? Thank you so much.

    Read the article

  • How to restrict file system when logged into terminal services

    - by pghcpa
    What I need to accomplish: With one login, when user is physically in the building I need them to see everything. When they are using terminal services with same login they should not be able to see the file system on the network. I can lock down the PC running terminal services as that is its only use. Details: Windows/2003 Server with terminal services. One login for a user (e.g., johndoe). When johndoe logs into the network at his desk in the office, he can see the network files according to group policy. When johndoe logs into terminal services from outside the building, we do not want to allow him see the network. Using 2x to do a published app, but that app has a "feature" that allows user to see network. Published application on termina services (only) is a document management system that is tied to windows login, so I can't give them two logins. With one login, when they are in the building I need them to see everything. When they are using terminal services they should not be able to see the network. I can lock down the PC running terminal services as that is its only use.

    Read the article

  • Inexpensive, simple screen recording application for mac

    - by donut
    I am more and more consistently running into the need to create screencasts (record my screen) for clients to show them how to use programs or websites. Up until now I've been using Jing and it's been wonderful. But I would like something that can give me something less annoying than a .swf. A .mov or, best of all, something that plays without fuss on Mac and Windows. Also, the 5-minute limit is annoying, but not show stopping. Basically, I'd like to be able to actually give them the file on a CD or something instead of relying on whatever host I use staying up for eternity. To sum up, here's what I require: Record a portion or all of the screen. Records audio from mic while recording screen. Exports files easily playable on Mac and Windows (requiring Quicktime is okay, but not ideal) Will work on Mac OS 10.5+ Allows recording videos of at least 5 minutes. Text in recorded videos is easily readable when exported. Bonuses points for: Records videos greater than 5 minutes Exported videos will work in Windows Media player without any fuss. I haven't upgraded to Snow Leopard yet but I know it has some screen recording stuff built in but I don't know if it would be sufficient or not. The reason I say, "simple" is because most of the applications I've seen do much more than I need (I mean, Jing is nearly perfect for my needs) and cost more than I would like to spend.

    Read the article

  • monitoring a /21 for potential bad guys with snort and port mirroring

    - by Adeodatus
    Hi all, I want/need to start monitoring our network a bit better. Its an odd network in that it comprises 2 /22 public IPs and a slew of private admin IPs. I do have one point in the network where it all comes together and I can turn on port mirroring on the catalyst. From that port, I'd like to turn up a box running various utilities. Snort is high on my list but it'd be nice to also get some networking statistics with something like Netflow. So, what are peoeple's thoughts. I can turn up a box needed for this with a bit of ease. We have the hardware available. What should I run? I'd love to know what kind of nasty things are potentially going on but I'd also like to see statistics on what people are doing on the network so I can better tweak our systems to handle it better and improve performance. I'm open so please, give me some ideas to go along with what I've got.

    Read the article

  • How to avoid apache2 revealing hidden directory and/or file structure

    - by matnagel
    When someone fetches a denied URL that exists, he gets: Forbidden You don't have permission to access /admin/admin.php on this server. Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server When someone goes to a URL that does not exist he will get: Not Found The requested URL /notexisting/notthere.php was not found on this server. Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server This way someone can find out information about the directory structure in an area, that is actually not open to the public. Is this true? If I were paranoid, what could I do? Just curious.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 248 249 250 251 252 253 254 255 256 257 258 259  | Next Page >