search for: allow

...filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local u...

...ut tripping up on some bugs in source3/utils/net_rpc.c, source3/utils/net_rpc_printer.c, and source3/utils/net_cache.c where there is an invalid use of the ":" operator. According to some other posts on the PostgreSQL forum, this shouldn't compile anywhere, even though GCC apparently allows it?? (http://archives.postgresql.org/pgsql-hackers/1998-09/msg00211.php) Maybe there's a way to skip building these components? Anyway, here's what I'm seeing on the console: bash-3.2# make WAF_MAKE=1 ./buildtools/bin/waf build Waf: Entering directory `/admin/tst/build/sam...

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module puppet_passenger 1.7; require { type bin_t; type devpts_t; type httpd_t; type passenger_t; type port_t;...

If someone has some free time, can you go over my ipfw config. See if I have any problems, or things i should add. Im not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny tcp from any to any established in via bge0 ###### outbound section ###### ## standar...

...''m in the process of re-organizing my server and ACL-settings. I''ve seen so many different ways of doing ACL, which makes me wonder how I should do it myself. This is obviously the easiest way, only describing the positive permissions: /usr/bin/chmod -R A=\ group:sa:full_set:fd:allow,\ group:vk:read_set:fd:allow \ However, I''ve seen people split each line, so you getone for each inheritance-setting: group:sa:full_set:f:allow,\ group:sa:full_set:d:allow,\ group:vk:read_set:f:allow,\ group:vk:read_set:d:allow \ And some include all negative permissions, like this:...

...le { rename execute read lock create ioctl execute_no_trans write getattr link unlink }; class sock_file { setattr create write getattr unlink }; class lnk_file { read getattr }; class dir { search setattr read create write getattr remove_name add_name }; } #============= clamd_t ============== allow clamd_t proc_t:file { read getattr }; allow clamd_t sysctl_kernel_t:dir search; allow clamd_t sysctl_kernel_t:file read; allow clamd_t var_t:dir read; allow clamd_t var_t:file { read getattr }; #============= dovecot_auth_t ============== allow dovecot_auth_t mysqld_etc_t:file { read getattr }; al...

Hi, We want to restrict acces to the shares on our samba server using "hosts allow". Can I get this to work with clients who have dynamic IP addresses and don't have revers DNS lookup ? Best regards, Eric Eijkelboom Sr Systems Manager Medtronic B.V. Heerlen, The Netherlands Phone : +31-(0)45-566.8544 Fax : +31-(0)45-566.8008 www.medtronic.com <http://www.medtronic....

Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:

...ce-4f34-9537-dd88a41359e5 sealert -l b95663bb-12ce-4f34-9537-dd88a41359e5 SELinux is preventing /usr/libexec/postfix/smtp from 'read, write' accesses on the file 546AA6099F. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that smtp should be allowed read write access on the 546AA6099F file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /...

...> How do I tell which rule is blocking me out? SSH *is* working, >> but others are not. > >It all depends on what you mean by "blocking you out" and "others". > > >Did you try *reading* your fw config? > >> # Loopback: >> # Allow anything on the local loopback: >> add allow all from any to any via lo0 >> add deny ip from any to 127.0.0.0/8 >> add deny ip from 127.0.0.0/8 to any >Nope. >> # Allow established connections: >> add allow tcp from any to any...

...acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on &quot...

...n this phone calls secret=21 ;callerid=John Doe <1234> ; Full caller ID, to override the phones config ; on incoming calls to Asterisk host=dynamic ; we have a static but private IP address ; No registration allowed ;nat=no ; there is not NAT between phone and Asterisk ;canreinvite=yes ; allow RTP voice traffic to bypass Asterisk ;dtmfmode=info ; either RFC2833 or INFO for the BudgeTone ;call-limit=1 ; permit only 1 outgoing call and...

...acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on &quot...

...Sun 10 Nov 2013 10:26:04 AM EST printer BlackandWhiteLaserjet is idle. enabled since Sun 10 Nov 2013 10:26:03 AM EST printer Officejet_Color is idle. enabled since Sun 10 Nov 2013 10:26:04 AM EST The server's /etc/cups/cupsd.conf looks like this: LogLevel debug2 SystemGroup sys root admin # Allow remote access Port 631 Listen /var/run/cups/cups.sock # Enable printer sharing and shared printers. Browsing On BrowseOrder allow,deny # (Change '@LOCAL' to 'ALL' if using directed broadcasts from another subnet.) BrowseAllow @LOCAL BrowseAddress @LOCAL DefaultAuthType Basic <Loc...

...missions of the folder containing Maildir, of the Maildir itself, of its contents, and of the folder that appears empty when browsed with a client (Thunderbird). /tank/home/olaf $ ls -lV .. drwx------+ 16 olaf olaf 17 Sep 19 01:52 olaf user:olaf:rwxpdDaARWcCos:fd-----:allow group:2147483648:rwxpdDaARWcCos:fd-----:allow everyone@:rwxpdDaARWcCos:fd-----:deny /tank/home/olaf $ ls -lV drwxrwx--- 348 olaf olaf 359 Sep 19 01:51 Maildir owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:al...

...ion. you can do this with something like : perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' * Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your schema to version 47 like this : ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsd...

...m> >To: freebsd-security@freebsd.org >Subject: Re: IPFW: Blocking me out. How to debug? > >Dear W.D. > >oh come on. i have the same problem. Which problem are we talking about? cut and paste problem. >cut and paste logic: > >#!/bin/sh >#1. count packets >#2. allow everything on lo0 (loopback) >#3. slow down and deny packets to buffer overflow enabled daemons >#3.5 to list all the buffer overflow enabled daemons use this sockstat -46ul >#4. allow everything in and out on the Ethernet interface fxp0. >Remember - wires are long things! What does...

...h something like : > perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' * > > Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your > schema to version 47 like this : > ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf > ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf > ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf > ldbmodify -H /var/lib/samba/private/sam.ldb --o...

...d from the site and gets stored in the cache but as the download restrictions are for 25MB the files which are even in cache with size more than 25MB are not accessed by the other clients, if we remove download restriction for that client then the software gets downloaded. Is there any way we can allow any client to access objects/files in cache without removing the download restriction. We are using Squid 2.6 on Centos 5 64-bit. Cache configuration: cache_mem 128 MB maximum_object_size_in_memory 1024 KB cache_dir ufs /var/spool/squid 400000 16 256 maximum_object_size 4096 MB refresh_pattern -i...

I had the same problem so i setup up hosts.allow to only allow access from certain ips i require This has the affect of killing the connection from any other ip befor gettign to any login prompt example below sshd : localhost : allow sshd : 192.168.2. : allow sshd : 82.41.115.213 :allow sshd : 216.123.248.219 : allow <-- public ip i wish to...