similar to: [Bug 880] SELinux patch

Hi all, I'm wondering whether it is feasible or not to run two distinct sshd daemons with different config options! I have a CentOS 4.4 gateway with 2 Ethernet interfaces. One is connected to the Internet and the other to the LAN. Basically, what I would like to do is having a sshd that listens to the LAN interface with password enabled auth. and a sshd bound to the Internet interface with

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Hi Brian, Does "iptables -L" show anything of note? I'm leaving iptables off in this host. Because it's an AWS EC2 host I'm managing the firewall ports using the AWS security groups. [root at ops:~] #service iptables status Firewall is stopped. But still, there's this... [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, This may or may not be a bug. However, it is DEFINITELY NOT how I would expect and want to see sshd work! If you run lsof against sshd on a privilege separated user, it shows that sshd's CWD is /. I would hope that the CWD would be at a minimum /var/empty/sshd and I would really have thought it would be something along the lines of

On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >

Thank for your answer: But i dont know understand why is following not working: I want to restrict the ssh access for a special domain member: In my "sshd_config" i added: AllowGroups restrictaccess root With user2 im able to login via ssh! log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE With user1 im not! log: User user1 from 192.168.0.100 not allowed

Hello all, after a useless discussion on the opensuse ML I had to find out that they buried the removal news of libwrap last year in some half-sentence. So this is unfortunately pretty late for the topic. Nevertheless it is pretty obvious that you did not get any feedback from people using ssh over decades in server-administration. Let me make a clear point: libwrap removal was a pretty bad idea.

Hello Everybody, I am trying to install puppet on Red Hat Enterprise Linux Server release 5.8 Beta (Tikanga) I have installed the following rpms sudo rpm -ivh http://yum.puppetlabs.com/el/5/products/i386/puppetlabs-release-5-6.noarch.rpm I am getting the following error when I am trying to install puppet server sudo yum install puppet-server puppet-3.0.1-1.el5.noarch

Damien-- Attached is a patch to contrib/redhat/sshd.init which eliminates the dependency on the success() and failure() functions from initscripts>=4.16. This allows sshd.init to be used for both early and recent releases of Red Hat Linux (i've confirmed it works on both 4.2 and 5.2 as well as 6.2). The patch also removes the 'Requires: initscripts >= 4.16' line from

After installing the puppet labs repo, I try running ''yum install -y puppet-server and recieve: Error: Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. Eg.: 1. You have an upgrade for libselinux which is missing some dependency

All, There was some discussion recently on Ubuntu Launchpad regarding the bug in NUT 2.2.1 where it was not possible to connect with an accept- all ACL: https://bugs.launchpad.net/bugs/235653 The package was patched for the upcoming Ubuntu release (intrepid), but the discussion drifted to the merits of application-level ACLs (comment 11 and beyond). Steve Langasek brings up a good point

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with

Hi all, I've set SELinux to disabled using the security and firewall widget but I'm still getting a lot of messages in Logwatch.... NULL security context for user, but SELinux in permissive mode, continuing () So it looks like SELinux is still operating. Can anyone tell me how to turn it off completely? It's my development server under my desk so I reallly don't care

Hi all. Now that we have SSHDLIBS for the libraries required by sshd only, it's possible to remove some of the single-purpose variables from Makefile. If this is worth doing, the next step would probably be to move the OpenSSL libs into CRYPTOLIBS since binaries such as scp and sftp don't need to be linked with libcrypto. Index: Makefile.in

I have set up entries in /etc/hosts.allow and /etc/hosts.deny as follows: /etc/hosts.allow sendmail : 10.0.0.0/255.0.0.0 sendmail : LOCAL /etc/hosts.deny sendmail : ALL When I try to connect to port 25 from an Internet host via telnet, the server still responds as usual. The only difference I see is this in my /var/log/maillog: Apr 24 15:41:49 server sendmail[20691]: m3OKfna20691: tcpwrappers

Package: xen-hypervisor-4.5-amd64_4.5.0-1_amd64.deb Version: 4.5.0-1 Hi, I use xen with sdl, not with vnc. When I boot on xen-hypervisor-4.4-amd64, everything is fine. With Debian or Windows 8.1 I have a good display, But when I choose at boot, the xen-hypervisor-4.5-amd64, things go wrong. If I launch a xen Debian, I get some blur effect on the display. And when I launch a xen Windows8.1,

Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

On Thu, May 21, 2015 at 1:05 AM, Michael Stone <mstone at mathom.us> wrote: > On Wed, May 20, 2015 at 03:58:22PM +0200, Stephan von Krawczynski wrote: > >> Show me this as an example of your firewall skills and replace this >> hosts.allow entry: >> >> sshd: .... : spawn (echo -e "%u@%h[%a] on `/bin/date`" to %d connected >> me | >>

Thanks, I managed to fix /var/lib/mysql # ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0