I am working to create a new base image for our RHEL5 setups, and I wanted to make sure we are creating a functional, but secure, image. Can anyone point me to some writeups that might provide some illumination on this potentially daunting task? Basically, I'm concerned about what packages are okay, which should be avoided, and what other caveats I might not think of when putting this together.
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
How can we achieve more than 8TB size for one LUN? I am getting the following error:
[root@storage ~]# mke2fs -j /dev/VG01/data
mke2fs 1.39 (29-May-2006)
mke2fs: Filesystem too large. No more than 2**31-1 blocks (8TB using a blocksize of 4k) are currently supported.
I need help to create a PPPoE connection (broadband) using RHEL 5 because my ISP uses this type of connection. Please, if there is someone who can show me the procedure step by step.
I am running RHEL5.5; it's a fresh install and we are testing Xen Virtualization. We are wanting to use our iSCSI SAN for the VMs. I have created the initiator iqn, and discovered the target address. We are connected to the target, but there is no new block device in /dev.
I wonder if someone can shed a light on this problem. I have an active subscription for RHEL4 ES and am trying to do a fresh install of RHEL5. I was able to download the RHEL5.3 DVD image from the Red Hat site and burnt it to a DVD, but it is not booting. I have so far tried on 2 different DVDs but both have failed. I have even downloaded and burnt 1 CD ISO image; it still failed. BIOS level is set to CD device first so no problem there, it works!
With my limited knowledge about integrating kernel modules into the initrd image. The issue is that currently when we are trying to install the RHEL5.4 image onto a 64 bit box we need to load the megasr driver initially before the ahci driver. Hence we use a separate diskette for the same. We want to integrate the megasr files into the RHEL image itself.
How to automount USB devices read-only for security in RHEL5? I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab. I've hunted around and I can't find a clear answer and my various attempts have failed. I've looked at /etc/auto.misc, UDEV, and HAL. Here's where I'm at, which isn't working. I have RHEL5 and from what I can tell HALD manages the automounting. HAL seems to have 2 primary directories:
/etc/hal/fdi -and- /usr/share/hal/fdi
The difference between the two is unclear to me. Based on some examples, I created the following file:
No matter what I call this file or where I put it, any USB device still mounts RW. How do I fix this? Am I correct that HAL is the right place? Looking through dmesg, it sure looks like HAL controls this, but maybe I'm wrong? I've also made various attempts to solve this with UDEV and /etc/auto.misc, so if it is one of those, I clearly don't know the correct thing to do there.
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in /var/log and ran a search command to no avail. Does anyone know where this file is, or is it called something else? I'm looking for a file that logs any change to the security settings of the system.
I was given a forensic image which I now know is a DD image of the drive (Vista) and am trying to mount the image or extract the image to another drive. I'm not sure of the extension type or if the image is a partition or the entire drive. I think it is the entire drive.
Is it possible to mount a DD image to a device? If I can't do that I just want to extract the files to run some programs against the drive. Can I view the files under Ubuntu or do I have to remove the drive and stick it into a Vista computer?
I purchased a second drive today and was hoping the command line would be something simple.
Or am I on the wrong track, should I be doing this all in a Windows environment? The reason I picked Ubuntu was because of the reporting tools.
Quote: One of the new features in Firefox 4 that we are very excited about is Content Security Policy, which is a mechanism that works behind the scenes to prevent some of the more severe web-based attacks against users and websites. Firefox users don't have to do anything in order to gain this protection. Simply install Firefox 4 and you will instantly receive all of the benefits that Content Security Policy has to offer. Easy!
I have an HDD with Windows XP that I'd like to install on VirtualBox. The HDD is currently in use, but I can put it in an enclosure to perform the operation. To do the planned operation, what is the best way? Do I need to make an ISO image of the HDD? Or can I install directly to VirtualBox?
Please guide me on how to perform the below activities:
- Make sure the Guest account is disabled or deleted.
- Disabled or deleted anonymous access
- Set stronger UserID policies
- Set Key Sensitive UserID Default enable in Linux
- Combination of numbers, letters and special characters (*, !, #, $, etc.)
Right direction regarding the creation of a bootable Linux image for PXE booting. I've already consulted Google and the other obvious sources I could think of, but it seems that PXE is mostly used to install stuff, which isn't quite what I need.
The goal here is to have a pool of computers that boot from a central source so maintenance is less of a hassle. Installation of the individual PCs is not desired and I'm supposed to provide a functional Linux via PXE booting.
What I need is basically a way to turn a working Linux into an image that can be booted via network. Or to recreate that Linux as an image that I can boot.
I set up my Ubuntu server with iptables that only allows SSH in the input chain (and of course established connections) with only the MAC address of my laptop allowed to connect, set up a key with a long passphrase and installed the pam_abl plugin. ICMP echo is blocked by default.
The only problem is I log all other attempts to connect to the server and I see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
Newbie here, I'm thinking of moving mostly to Linux to get away from the security holes in Windows. And I have some questions...
How secure is Firefox for doing online banking?
Sometimes I have run into a situation where the bank doesn't support anything but Windows explorer when accessing my accounts. Can this be gotten around safely in Linux?
Is there any way to secure hard disk accessibility? I want to encrypt my hard disk, and the partitions that Ubuntu is installed on. Is there a way? I want to deny all access to the hard disk; just my own root account can have access to all.
OK, I'm new. I know AppArmor is running. I was looking for Firestarter but there isn't one... How do I secure this server? I want a good firewall and some virus protection! Also, do I need this?
I want to set up a website that hosts very confidential business information. The info needs to be accessed by multiple people in different geographical regions. The entire website would require the high security (ie: there are no little sections that are publicly viewable). While the site will be run with Ubuntu server, I will be hosting it in Amazon's EC2 cloud.
So, if I use the HTTPS protocol with an SSL certificate, am I pretty well reaching the most secure possible situation? Are there any concerns with using the EC2 solution? Obviously there are a LOT of variables involved with maintaining website security, but I want to know if HTTPS is the current best bet (in addition to all the "best practices" of securing a site) or if there is a more robust way of securing content.
I'm learning to secure my server in the best way I can think of: by learning to attack it. Here's what I would like to accomplish. I have SSH set up on a Linux box in an offline lab environment. Username: root Password: ajack2343d Now, I know I can simply brute force this as I know the password, but there have to be other ways, and I wish to learn them.
We are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key. Our servers are hosted remotely by a hosting service. We were wondering which of these two models is more secure. E.g. I would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer. However, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be changed to accommodate logging in but they don't endorse it).