similar to: Recommendations for securing a webserver

Displaying 20 results from an estimated 2000 matches similar to: "Recommendations for securing a webserver"

2010 Jan 11
2
Securing http authentication from brute force attacks
We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore
2019 Jul 14
2
New improved version of nut-report script
Roger, I just tried the journal report and it is unable to find journalctl on my system. I am not very expert but this MAY be because my Ubuntu install is actually running chroot'ed on an Android TV computer and the expected systemd may not be there. Could the desired information be elsewhere? Thanks! On 7/14/2019 7:52 AM, Roger Price wrote: > On Tue, 9 Jul 2019, Charles Lepple wrote:
2006 May 17
3
PHP register_globals
Hi I am trying to turn on register_globals, but I am failing. Someone told me that I should change php.ini and I did it. ? - register_globals = Off - register_globals = On I made a php test page html/test.php <?php phpinfo(); ?> and checked it, but I can not make it. output_buffering no value no value output_handler no value no value post_max_size 8M 8M precision 14 14
2001 Dec 17
1
sftp-server questions
Hello, Is there any way to specify which pubkey has rights to use the sftp-server subsystem when this has been set up in the sshd server? I don't know if I could control which users are authorized to use the sftp-server, could I? Is there any official patch that allows sftp-sessions 'chroot'ed? Thanks in advance. -- Best regards, quart mailto:quart at
2009 Jun 05
1
Multiple Dovecot instances over single mail store
Hi, I need to run two Dovecot instances with totally different authentication configs: first - passwordless, based on client SSL certificate; and second - regular password based (LDAP, passwd etc.). (As far as I know this cannot be achieved with single Dovecot instance; if I'm mistaken, please correct me). My intention is to give clients dual access to their mailboxes: some do own a SSL cert,
2009 Apr 24
4
repository for mod_security
I want to add mod_security to my Apache server running CentOS 5.3 and am trying to find a repository to get it from. I found it in EPEL, but they have version 2.1.7, which is over a year old according to what I found on the modsecurity.org website. Is there a repository which is keeping this up to date? Or should I just build it from source? -- Bowie
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We
2005 Apr 14
1
OT mod_security
Hi guys, I've planning out my upgrade to CentOS4 and one of my plans for security is to implement the mod_security apache module to filter out unwanted malicious intent. Not having used it before, I wanted to see if anyone here has implemented it and did it block any legit traffic or cause resource traffic/serious slowdowns of their systems? I've asked on the forum about secure
2017 May 02
1
Problem with Pigeonhole/Sieve
Hi Steffen, 248 is a dovecot, 202 is dovenull, both users are in theirs groups across. If I change ownership of /usr/local/dovecot to dovecot.dovecot, then dovecot is correcting it to root.root for some reason. Does it mean that dovecot should be running as root only? What does it mean / here? is it / in filesystem or it is / for dovecot in /usr/local/dovecot ? May 01 14:36:00 master:
2017 Jul 16
1
Getting started with mod_security
Hi, I'm currently fiddling with mod_security, and before going any further, I simply wanted to ask here for any recommended documentation/tutorials on the subject. There seems to be a lot of information about mod_security out there, and right now I have a bit of a hard time wrapping my head around it. I'm grateful for any suggestions. Cheers, Niki Kovacs -- Microlinux - Solutions
2009 Dec 15
2
mod_security
I installed mod_security yesterday. Unbelievable the amount of crap it will stop in 24 hrs. Picked up the rpm at http://rpm.pbone.net This should be made part of the CentOS extra, contribs or whatever!!
2002 Mar 11
1
scp completes but ssh subprocess in deadlock with sshd
I've just built openssh 3.1 for my Redhat 5.1 system (running on a 486 DX-66) using the latest zlib and openssl libraries. Connecting to the machine with ssh seems to work fine (although it takes a while to initiate a connection). But when I transfer a file to the machine with scp, it seems to work fine and the scp completes, but an ssh sub-process remains behind on the client and an sshd
2008 Jun 13
1
String "fwrite();" causes 503 error (Passenger or apache?)
Hi, While testing a rails application on DreamHost (mod_rails), I found a really weird problem. If I submit form data which includes "fwrite();" (with semi-colon but without quotes), I get 503 error (Server temporarily unavailable). I checked out rails log file and it didn't even reach the rails app. I assume the error was from web server. You may test this at
2004 Dec 18
1
More on Lazy loading errors building its package in a chroot
From: Dirk Eddelbuettel <edd@debian.org> > I now have the package built in a chroot -- but at the price of setting > 'LazyLoad: no' in DESCRIPTION. > > I do not quite understand why that is needed. Can someone else help? I can > provide the following pointers for its-1.0.4 > I have had problems on Windows in which I had to pay the same price and it turned out
2007 Jul 17
3
.htaccess problems..... Using Drupal
Hi All; I am trying out the web software from www.drupal.org and I have it installed to a point ok in my www.werren.net domains. Every time I try to use the .htaccess file in the root directory with even one command showing I get a server mis-config error on the site. The default .htaccess is shown below I use Cent OS 4.7 using the Blue Quartz installer from Nuonce Networks
2014 Jun 17
3
RFE: dnsbl-support for dovecot
after having my own dnsbl fed by a honeypot and even mod_security supports it for webservers i think dovecot should support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a
2009 Apr 30
2
ChrootDirectory %h
Hi, many people are having problems using SFTP with ChrootDirectory when the jail directory (or the path above) is not owned by root. The question is if chroot'ing to usual home directories can be allowed, even though they are owned by regular users. I know that this topic has been discussed on the list several times now, so I searched the list archives for posts that invalidate the
2007 Dec 28
1
problems using --ignore-existing and filter rules
Greetings everyone, I have a problem which I believe is a collision between the --ignore-existing option and filter rules. It appears to me that regardless of argument order, when I specify the two on a command line, even if a non-existing directory appears in the filter list as a protect rule. But when I change protect rules to exclude rules, the excluded files/directories appear not to be
2009 Jul 27
4
What's the configure specs for the generic Apache install of CentOS x86_64 5.3?
I'm trying to install apache 2.2.x from a tarball. And it works. But I'm also trying to install modsecure, and I can't get that to work. It might help to know what CentOS uses to install Apache when doing the ./configure. === Al
2006 Mar 02
9
FastCGI vs. Simple CGI
I've seen several postings where FastCGI is being used with RoR projects, yet, most of the material I've read (Dave Thomas' book, online articles, etc) recommend not using FastCGI anymore because it is a dormant project and hasn't been updated since 2003 (I think???). So, I went out and got Simple CGI instead. It had to be compiled and installed from