similar to: OT mod_security

Hi guys, Just a quick question, I've been slowly moving all my user services to mysql backend, I realise it's probably not as good a choice as LDAP, but you tend to stick with what you know. To that end I want to setup both Apache and VSFTP to use mysql db for virtual users. Basically I want to create virtual users that are locked into their own home dir and have apache use mysql to

Hi, I'm currently fiddling with mod_security, and before going any further, I simply wanted to ask here for any recommended documentation/tutorials on the subject. There seems to be a lot of information about mod_security out there, and right now I have a bit of a hard time wrapping my head around it. I'm grateful for any suggestions. Cheers, Niki Kovacs -- Microlinux - Solutions

I want to add mod_security to my Apache server running CentOS 5.3 and am trying to find a repository to get it from. I found it in EPEL, but they have version 2.1.7, which is over a year old according to what I found on the modsecurity.org website. Is there a repository which is keeping this up to date? Or should I just build it from source? -- Bowie

Hi guys, I was wondering if there was any powered by CentOS logo's available for use on websites that are 'powered by CentOS' Sorta like this mandrake one: http://htmlfixit.com/icons/medbutton.png Always a good idea to promote the cause so to speak and once I've ugpraded my web server I'll be changing the icon and if there isn't a CentOS version, I'll have a go at

I installed mod_security yesterday. Unbelievable the amount of crap it will stop in 24 hrs. Picked up the rpm at http://rpm.pbone.net This should be made part of the CentOS extra, contribs or whatever!!

I've set up a CentOS 5 system as a server for http installs. Currently up-to-date with httpd-2.2.3-11.el5_1.centos.3 mod_security-2.1.7-1.el5 my installs were failing just after the root password set up, before software selection. I tracked it down to a server error 500 and it was due to mod_security claiming the comps.xml file was too big The error: [Tue Jun 10 09:59:01 2008] [error]

On Tue, Aug 23, 2005 at 03:10:45PM +1000, openssh-unix-dev-request at mindrot.org wrote: > Date: Fri, 19 Aug 2005 17:56:19 +1000 > From: Darren Tucker <dtucker at zip.com.au> > Subject: Re: OpenSSH sget/sput suggestion > To: CRX Driver <crxssi at hotmail.com> > Cc: openssh-unix-dev at mindrot.org > Message-ID: <430590A3.1090506 at zip.com.au> > Content-Type:

Hello, Has anyone made any of the above in to CentOS5 rpms? I've googled and not found any CentOS5 rpms and was wondering before i atempt to make them, was wondering if anyone else had any of them? Thanks. Dave.

after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a

Hi everyone, I'm looking into setting up a SATA hardware raid, probably 5 to use with CentOS 4. I chose hardware raid over software mostly because I like the fact that the raid is transparent to the OS. Does anyone know of any SATA controllers that are well tested for this sort of usage? From what I can tell from googling, this is more or less where RHEL stands: Red Hat Enterprise Linux

hello all, i intend to impliment Jiri Fojtasek''s imq implimentation here http://hyperfighter.jinak.cz/qos/ on my Linux shaper for production use,I will like to ask if people have implimented it and find it stable and useful as stated in the site. My bandwidth manager will have 3 interfaces , eth0 -internet(live ip, bridged with eth1), eth1(live ip bridged w eth0), eth2 -lan(local

We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore

Greetings ... I have been give the task of either finding a way to stop people from deleting files from our Samba network, or as I suggest that would be less problematic, would be to log deletion requests. I know of the "Samba Recycle Bin" which I will be implimenting with the Samba 2.2.5 release which is just round the corner, but I was hoping that I might be able to impliment a

I'm looking for an example of a simple R script that impliments a contrained nonlinear function using nlm or optim. I'm not exactly sure how to impliment the constraints within the objective function that is passed to nlm/optim. obj.func <- function( p ) { x(p) <- unconstrained obj function value if( constraint1 > something ) { obj.func <- x(p) } else {

Anyone ever implimented cfengine on 4.x ? I am just looking for background and if there are any traps to fall into? thanks

Is it possible using asterisk to allow someone to dial in and remotely change where their call is forwarded to? For example, I'm working from home so I want my calls to go to 555 1234, now I need to go out for a bit so I'd like to phone the office and using DTMF tell the asterisk PBX to now forward my calls to my cell phone 555 3456 Has anyone implimented anything like this? R.

LogWatch reports items like: Connection attempts using mod_proxy: 83.167.123.83 -> 205.188.251.1:443: 1 Time(s) 83.167.123.83 -> 64.12.202.36:443: 2 Time(s) Requests with error response codes 403 Forbidden 205.188.251.1:443: 1 Time(s) 64.12.202.36:443: 2 Time(s) 404 Not Found //jmx-console/HtmlAdaptor: 1 Time(s) /VINT_1984_THINK_DIFFERENT: 1 Time(s)

Hi, I have my rails sites tricked out with capistrano, and backgroundrb, so I can easily use the ant tasks, but I would like to be able to start and stop backgroundrb from within rails. I have a few reasons for this: 1. Using fastcgi, backgroundrb would start under the apache user and the same mod_security context as apache, instead of my developer account which has many more privileges. 2.

Le samedi 16 septembre 2017 ? 20:48 +0530, Nigel Babu a ?crit?: > Hello folks, > > We have discovered that for the last few weeks our mailman server was > used > for a spam attack. The attacker would make use of the + feature > offered by > gmail and hotmail. If you send an email to example at hotmail.com, > example+foo at hotmail.com, example+bar at hotmail.com, it goes

I want to use ruby on rails entirely as an xml-rpc web service server. I.e. it will only be called by clients making xml-rpc requests. What I want to to is be able to use something like the session[] functionality for storing session information. However, storing information in the session[] construct requires that the client be a web browser with cookies enabled. Does anyone know of a