I'm trying to change that:
Code:
modprobe ipt_recent ip_list_tot=500
But it's not work Can I change menually in /sys/module/xt_recent/parameters/ip_list_tot Or there is other way
i m using following kernal.
Code:
# uname -r
2.6.18-128.2.1.4.9.el5xen
According to security manual i need to incorporate following changes into kernal parameter but i m not sure when and how these changes will be implemented.
Code:
net.ipv4.conf.all.accept_source_route must be set to "0"
net.ipv4.ip_forward must be set to "0" (zero)
icmp_echo_ignore_broadcasts must be set to "1"
net.ipv4.tcp_syncookies must be set to "1"
[code].....
Does anyone know a method for setting the timeout period for failed logins on Linux RHEL5.x systems? Linux docs say to set the failed login delay paramter in /etc/login.defs to the desired seconds. I did this, but the settings have no effect, ie weather set to 2,4,10, etc, the actuall failed login timeout period(which I verified with a stopwatch), never changes.
View 1 Replies View RelatedI am unable to find any ldap.conf parameter or pam.d/system-auth setting from where i can restrict the LDAP users having uidNumber less than a particular number, say 500 to login into the system.I am using OpenLDAP server and tried pam_max_uid 500 in ldap.conf but it didn't work.
View 2 Replies View RelatedI got the following modprobe scripts modprobe -k -q streams what does the -k parameter mean?. is it exist in older modprobe? I don't see -k parameter in recent modprobe.
View 1 Replies View RelatedIs there an ssh or sshd parameter that can be set to block out a user after a set number of attempts tp login ?
View 1 Replies View RelatedI just focus on the filter table:
First : What is the meaning of the "opt" parameter?
Second : What is the aim of the "destination" for the INPUT chain ? The destination must be the ip of machine, isn't it ? I must put anywhere (except if my ip is fixed), right?
Third : The same : What is the aim of "source" for the OUTPUT chain?
Fourth : What are the following rules?
Code:
target prot opt in out source destination
ACCEPT udp -- eth1 any anywhere anywhere udp dpt:bootps
ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:bootps
ACCEPT udp -- eth1 any anywhere anywhere udp dpt:domain
ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:domain
eth1 is my wireless interface and I use it on a local network, my comp being the gateway.I suppose that "domain" is linked to the dns and it must be open if the devices on the lan specified my comp as their dns, right? But what about bootps?
i try to copy file music .oog .wav from Music folder to /usr/share/sounds/freedesktop/stereo but i can't and in folder /stereo i can't manage rename ,cut ,move to trash for all file .ogg when i right click at file to look Properties > at permissions i saw owner : root can not change these permissions
that 's i not understand about owner . and how i can change these permissions ?
I want to change the password complexity how do i do this?
View 9 Replies View RelatedI would like to know how to change the uname -a result in my server, i mean if the attacker upload a phpshell in any website for my customer, how could i have a fake uname -a for him?
View 7 Replies View RelatedDear Friends, For Upload a Web Site in my Local Fedora using Apache I need to use the /var/www/html folder.But I cant add/edit anything on html folder
View 3 Replies View RelatedRecently I was going through some chmod manipulations and found the umask values to be 0002 by default in Fedora 11 distro. What I knew about the default values to be 022. I don't know whether this is a kernel modification in this distro or my system is in compromise(I doubt for the latter option, but not confirmed).
View 4 Replies View RelatedHow to change the passphrase for crypted partitions in F14?
View 1 Replies View RelatedI have a problem with my fedora workstation.I am trying to change my ldap user password through passwd command.When I first create the user on ldap server, I use md5 and create the user password.This is the entry:
Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
[code]....
i have 2 front ends that receive traffic (http server) and should run some scripts in crontab, some of the scripts should just being running by 1 server at a time (active one) and others should run on both. Regarding the http like is load-sharing i think i cant use heartbeat, right? heartbeat is just for active-stanby or can we use to a active-active as watchdog? i have a cisco css to load sharing the http, and i can make a watchdog script to the apache. Regarding the cron crontrol i was thinking to make a script that replaces the crontab file to whatever is the correct one.
When the heartbeat start what parameter is sent to the script that are resources? a start if active node and nothing if is the standby?allways start?how should i config the haresources to do it? what is the best way? i have other situation that is making a nfs server in solaris 10, i have 2 servers with shared disks ( sun array), can i use heartbeat to this too? it is possible to make it in such way that if i had i failover in nfs server the clients doesn't need to reconnect?
I receive messages such as the below:
SELinux is preventing /usr/sbin/httpd from using potentially mislabeled filesjk-runtime-status. SELinux has denied the httpd access to potentially mislabeled filesjk-runtime-status. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, httpd_tmp_t,
I know how to change the owner of a file and the permissions but what does it mean to change the file context?
I've done the usual edit of /etc/sysctl.conf to include the parameter, but it just tosses errors. I haven't had to tune a kernel in a very long time, what's different about it nowadays (or have I simply forgotten how)?
edit: Added "kernel.semmni = 2048" to the tail of /etc/sysctl.conf and then ran "sysctl -p". End result is an unknown key error (apparently kernel.semmni isn't the valid name anymore?).
I need to write program (preffer Python) to change range for users. Does anyone know some library which can help me to do that? Maybe someone has written program like that?
View 5 Replies View RelatedI've got a samba share on a linux server, connecting to it with a windows 2k3 server via tools > map network drive. The goal is to be able to use windows to change the security of the samba share. The good news is it works! The bad news is it's not QUITE perfect:
The share is called /company. I started with the following to give everyone access to everything, set the owner of the share to administrator (my domain admin on the Windows domain), and set the group owner to domain users (group that everyone on the domain is part of):
Code:
chmod -R 777 /company
chown -R administrator /company
chgrp -R domain users /company
I then mapped the drive as a regular user, and of course, can access/modify/delete/rename/create anything I want. Then I picked a folder to lock down. Let's call it /company/myFolder. I did this on the Windows server by mapping the drive as administrator (the owner), right click > properties > security tab > advanced > highlight "domain users" and "everyone" and click edit > clear all (i.e. remove all access). Go back to Linux and
[Code]..
The only issue that remains is that I am able to rename/delete "myFolder" as a regular user. I thought this was coming from the "acl map full control = true" parameter in smb.conf, but I changed it to false and verified the change and it still happens. If I remove group and world write access to /company, I am no longer allowed to rename/delete myFolder, but then I can't create a new folder. If I add group write access back in I can create files but can also rename/delete folders within /company that have --- specified for group access. Any ideas what I need to tweak to make this right?
I have read that to improve security in Ubuntu a good fix is to make the /home folder tree non-executable by default. This would mean that malware could not run in the /home tree without changing the setup.Is this a viable change, or is it just icing on the cake, any one any thoughts on this.
View 9 Replies View Relatedpam_auth_radius - Change the "Password:" prompt.Im currently working on getting a two-factor supplier working with my servers.Ive installed the pam_auth_radius.so and it works fine.HOWEVER.When I SSH to the server , I get this:
warning: Need basic cursor movement capability, using vt100
Keyboard-interactive:
Password:
[code]....
I want to set permissions to a folder as rwx-r-x-r-x in such a way that whenever a new file or folder is created under it, it will automatically inherit the parent folders default permissions.So,what I need to do know, do I have to change the umask value??
View 5 Replies View RelatedRunning Debian lenny.Is there any way to run
Code:
$ chage --expiredate some_date user1
chage: Permission denied.
[code]....
I'm new to ubuntu. Now iam using Karmic Koala. I want to change my password. So i used,
system->Administration->users and groups to change my password . As i entered my new password and clicked on 'Change Password', It is saying, 'password changed'. But when I click the close button in the main users and groups window, it is asking for my password, and I am forced to enter my old password only.
After the window is closed, i logout to check whether my password is changed. But it is not. I have to enter my old password to login.
im interested to know how to change fingerprint ?Linux (Ubuntu) look like WindowsLinux kernel 2.6 look like Linux 2.4 ----apache 2.2 look like apache 1.3apache look like IIS
apache look like "BLABLABLA"
Is it best to do this via the terminal or gui interface? does this meanthat the home folder encryption password is the same as the old login password?
View 4 Replies View RelatedI want to do setting in RHEL5 such that user should able to change his password only once in a day.I have changed the fourth field (i.e. minimum number of days to change) in in "/etc/shadow" file for "root" to "1". But its not working. I am able to change the password of "root" using "passwd" command.Any one can help me out on this issue
View 5 Replies View RelatedI've enabled root under Ubuntu (i know frowned upon), I'd like to change the default behaviour of sudo so that rather than requesting my password (the password I logon with), it requires the root password.
Have searched the forums but can't find the answer.
When I go the the Change Password dialog box and type my new password, the box seems to stall forever when I try to change my password. The Authenticate and Change password buttons are grayed out but the Close button still works and when I click on it the box will close without changing my password.
View 5 Replies View RelatedI recently installed Ubuntu 10.4 on an Intel machine. The machine also has Windows 7. So some of the partitions of the hard drive are Windows compatible (NTFS). They are all mounted when system is booted with Ubuntu and all files are accessible. However, when I try to change permission or limit access to a group, CHMOD command does not work. It doesn't return any error and everything seems to work fine but I can't change any permission.
View 8 Replies View Related