search for: lockdowns

Hi group As promised some months ago, I'm letting you know that lockdown is now ready for testing. Please don't study the code to much, I know it is a mess and therefore a rewrite is on it's way. But feel free to take a look at the features offered, how you use them and the default settings. When lockdown is ready for production usage, I'll release version 1.0. I guess that will

What: Lockdown <http://stonean.com/projects/show/lockdown> is an authorization/authentication gem for RubyOnRails 2.x This version bundles Classy Inheritance<http://stonean.com/projects/show/classy-inheritance>to simplify the management screens. There is also a lot of template cleanup in this release. *There were no changes to the security engine.* If you have questions, please

...ther solution :-) <scary_solution> I've thought of building a specially crafted .reg file (actually a set of them) which will be imported in each logon on the machine; that way, I can control the way the desktop acts for each user. I will have a "general.reg" file for common lockdowns, some specific "group-A.reg", "group-B.reg" files for each group and finally some "user-A.reg" with specific lockdowns (or not) for special users. </scary_solution> I know this isn't great security since any user would be able to craft a .reg file themselv...

Hi all, I am doing some tests with my CentOS7 desktop. I have configured a policy to lockdown Chrome/Chromium browsers and it works perfectly. And I am trying to the same for Firefox browsers but Firefox's docs are really "hard" to understand. I have the following stopper points: a/ what is the "real" system wide's config file: firefox.js, sysprefs.js or

Hi All, I''m having a bit of trouble wrapping my head around "nil_lockdown_values" in the Lockdown plugin. I''m unfamiliar with how exactly this works. I''m assuming it is a helper method of sorts, but I see no definition. Does Rails simply have the ability to nil_ [somerandomliborclass]_values? Would someone mind unconfusing me? Also, where would I find

Has anyone had any issues using Cucumber with Lockdown. in the following scenario, I am logged in as an admin and so should have :all access rights, however I get the following error. Authoriztion filed! prms: {"action"=>"index", "controller"=>"admin"} session: {:expiry_time=>Wed Oct 28 13:33:43 +0000 2009,

I only run one piece of software under wine but this app is still a great risk. The intentions and opportunity of software developers not using open source should not be underestimated. when i run env WINEPREFIX="/ubuntu/PC1/.wine" wine C:\\windows\\system32\\taskmgr.exe I am reminded again of all the security problems with windows. I was thinking that it ought to be easier to

Hello everybody, I'm a newbie in this list, so I don't know if it's the appropriate place for my question. Anyway, I'd be happy to find out the solution. Please, has anyone simple answer for: I'm looking for an exact list of files, which: 1. MUST have... 2. HAVE FROM BSD INSTALLATION... 3. DO NOT NEED... 4. NEVER MAY... ...the suid-bit set. Of course, it's no problem to

...ret option that the client and server would have to proof to know when initiating the Handshake. The Server or client could terminate the connection immediately when the peer does not know the secret. So in case of a security Problem the administrator could set an option for ssh and sshd like LockDownSharedSecret to a random password and share it with other Trustworthy Administrators, who are involved in fixing the problem. My ideas how to use this shared secret: - STEP1 When opening the connection the client needs send the protocol information, a Client-Random string and HASH(Client-Rando...

...ret option that the client and server would have to proof to know when initiating the Handshake. The Server or client could terminate the connection immediately when the peer does not know the secret. So in case of a security Problem the administrator could set an option for ssh and sshd like LockDownSharedSecret to a random password and share it with other Trustworthy Administrators, who are involved in fixing the problem. My ideas how to use this shared secret: How is this different to configuring /etc/securetty and tunnelling Telnet over SSH Port Forwarding which I don't recommend BTW?...

Dear Christian, >How is this different to configuring /etc/securetty and tunnelling >Telnet over SSH Port Forwarding which I don't recommend BTW? In case your SSH is remotely attackable for instance - because your LDAP is configured wrongly, - your run into some problem like CVE-2008-0166 - some users private keys are lost And you want to lock down the sshd and investigate and

Steffen Nurpmeso wrote in <20240714024434.vvSRh10_ at steffen%sdaoden.eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer,

On 14/07/2024 03:49, Steffen Nurpmeso wrote: > I have read > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > but as an application developer i find it ugly not to be able to > "simply do it", and get back a mapped address. You are looking at a Internet draft which expired more than 20 years ago.

Hi all, I'm mounting a LTSP server whith CentOS 4.4. The default desktop will be Gnome. I'm looking for lockdown tool and I think Pessulus maybe a good option, but I don't found it with yum. ?Is Pessulus included in CentOS? ?Another lockdown tools as alternatives? Thanks in advance. -- Jordi Espasa Clofent PGP id 0xC5ABA76A #http://pgp.mit.edu/ FSF Associate Member id 4281

I'm seeing errors like this in my event viewer on win2k clients: Source MRx Smb "The master browser has received a server announcement that computer CONAN that believes it is the master browser for the domain ... The master brower is stoppong or an election is being forced." Event ID 8003 The other error that frequently occurs with this: Source: Netlogon "No Windows NT or

On 04.07.24 01:41, Manon Goo wrote: > - some users private keys are lost Then you go and remove the corresponding pubkeys from wherever they're configured. Seriously, even if you do not scan which pubkey is configured where *now* (as is part of our usual monitoring), it'll be your "number <3" task *then* to go hunt it down. > And you want to lock down the sshd

...l permissions and no SELinux you can still be blocked by > something called kernel_lockdown and it should appear in dmesg. > > Pavel > > [1] <https://gehrcke.de/2019/09/running-an-ebpf-program-may-require-lifting-the-kernel-lockdown/> Unfortunately, nothing related to kernel lockdowns. My kernel sysrq also doesn't seem to recognize x, and neither dmesg nor system journal indicate the system is even booted with lockdowns. I don't run Secure Boot, so that makes sense. I do get an audit message but that doesn't really enlighten me any further; there's only 4 message...

Hello, I need to reconfigure Gnome in CentOS for avoiding that a normal user could lock screen using task bar option and/or "Super L" key (Windows Key + L). How could I configure Gnome? I need to do that in several computers, so I can't do "login" in X environment of each computer, but I need to reconfigure executing from command line (multiple SSH connections).

Gert Doering wrote in <ZpUvZQr0T-vOToo2 at greenie.muc.de>: |On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: |> On 14/07/2024 03:49, Steffen Nurpmeso wrote: |>> https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-\ |>> harmful-01 |>> |>> but as an application developer i find it ugly not to be able to |>>

Hi, On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: > On 14/07/2024 03:49, Steffen Nurpmeso wrote: > > I have read > > > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > > > but as an application developer i find it ugly not to be able to > > "simply do it", and get back a mapped address.