similar to: Hardening CentOS by removing "hacker" tools

Hi All:) I would like to start using a tool for automating of os hardening. I found some informations about Bastille. One things which attracted my attention is that in http://bastille-linux.sourceforge.net/news_updates.htm the last post is from January 29th, 2012 :D Is the tool ready to use at the moment with CentOS 6/7? Are there any alternatives which you can recommend? Thanks for all info

Hi, Is there any automated tool like Bastille Linux for freebsd to harden the system security? Thanks jerry _________________________________________________________________ Send a funky MSN Messenger Christmas card http://www.msn.co.uk/christmascard

Hi Guys, I would like advice for best practices to secure my linux boxes. Know if I have been hacked, know of security breaches, etc. Can anyone provide advice? -Jason

WE have a centos 5.3 install, and our server is keep getting hacked. We see load averages of 500+ and see people from all over the world logging into our server (used last). Is there a good place to start to avoid these kinds of things? For example, here is what I already did. Open up sshd port only setup iptables to only accept port 80 and 22 No FTP No other ports are allowed according to IP

Has anyone got Bastille-linux running on Centos-5.6? http://bastille-linux.sourceforge.net claims RHEL5 support but I ran into problems running it on a Centos 5.6 test system. First I had to "ln -s /usr/lib64/Bastille /usr/lib" just to get it to run at all. Then I tried faking /etc/redhat-release with Red Hat Enterprise Linux Server release 5.6 ... but I get this (why would it want

Hello, As discussed on the centos-users list, I would like to create some pages on the CentOS Wiki with instructions on how to set up your environment to build RPMs and how to rebuild RPMs. This content today exists here: http://wiki.centos.org/HowTos/I_need_the_Kernel_Source#head-a8dae925eec15786df9f6f8c918eff16bf67be0d I would suggest creating these two: 1)

Hello, I noticed something unusual today. If I "du" a small file (couple of bytes) in CentOS 5, it tells me the file is using 8kb, while I was expecting 4kb which is the block size I'm using. I tried this on several CentOS 5 machines, both x86_64 and i386: $ echo test >test.txt $ ls -l test.txt -rw-rw-r-- 1 filbranden filbranden 5 Mar 11 17:24 test.txt $ du -h test.txt 8.0K

I have a client project to implement PCI/DSS compliance. The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems. In addition the auditor has also stipulated that there be a NTP server, a "patch" server, The Host OS on all of the above nodes will be CentOS 6.2. Below is a list of things that would be

On Tue, Feb 17, 2009 at 11:33, Alan Bartlett <ajb.stxsl at googlemail.com> wrote: > The subject line for this "conversation / thread" reads: > "Re: [CentOS-docs] [CentOS] Is the NFS lockd bug fixed ?" > The contents, however, relates to XFS & the CentOSPlus kernel. > Filipe, please take care with what you do. :-) Very sorry about that. Fixed it now. In

Hi, Small correction there. Example 4 of section 2 (how to use XFS with CentOSPlus kernel) says you should use this configuration line in [centosplus] section of yum: includepkgs=kernel* xfs* dmapi* However, the XFS module's package name is kmod-xfs*, so I believe it should actually be: includepkgs=kernel* kmod-xfs* xfs* dmapi* I did this on a system of mine, and in the first case it did

A colleague supplied me with a set of rpms he built on his Fedora box and when I tried to install them with yum localinstall I got a missing dependency: Resolving Dependencies --> Running transaction check ---> Package hipl-doc.i386 0:1.0.4-1 set to be updated ---> Package hipl-tools.i386 0:1.0.4-1 set to be updated --> Processing Dependency: python(abi) = 2.5 for package:

Hi, Is anyone chrooting users that connect through SSH? I looked for it on Google and I basically saw several methods: - OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that probably could be rebuilt under CentOS 5) - There seem to be several patches for OpenSSH 4.x to do the chroot, the most popular seems to be http://chrootssh.sf.net/ - There appears to be a pam_chroot - There are

I just setup CENTOS 4.7 with latest patches on DELL server. I also configured NTP point to out time server. I found /var/log/messages file every 20 to 30 minutes will generate a error message : Mar 15 14:28:15 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument Mar 15 14:45:22 SER1 ntpd[25037]: sendto(172.29.21.16): Invalid argument Mar 15 15:02:29 SER1 ntpd[25037]: sendto(172.29.21.16):

Hello, I recently noticed that Thunderbird updates are missing from CentOS 5. First, I noticed that Thunderbird 2.0.0.19 is available in the "updates" repo of CentOS 5.2, but not on the "updates" repo of CentOS 5.3. The version in the "os" repo of CentOS 5.3 is 2.0.0.18. - Thunderbird 2.0.0.19 in CentOS 5.2 updates repo:

NOTE: in order to apply this patch you should: git mv btrfsck.c cmd-fsck.c This patch moves btrfsck in to "btrfs fsck". It also adds support for symlinks to the btrfs binary to retain compablity, =) I think something should be done to the help description but i''m not sure what... Anyway, feedback is welcome. -- To unsubscribe from this list: send the line "unsubscribe

We are tried to count how many files belong to certain group. Our system administrator told us "non-owner" can easy change file group name to another. I have been tried several combination and never successful (only ROOT can change file group to other name). Does anyone know how "no-owner" can change file group name? Thanks.

Hi, Some time ago one of my public servers (running Slackware64 14.0) got attacked and was misused to send phishing emails. This misadventure made me more concerned about security, so I spent the last few weeks catching up on security, reading docs about SELinux and how to use it, etc. I have a public sandbox server running CentOS 7, and I'm currently experimenting quite a lot with Apache

Is any way to detect changed MAC adresses? Someone taught change MACs peoples in my network and I have problems. E.g. Two computers working on one MAC, and one IP (static ARP and DHCP). WinXP is screaming some message... that two computers or more have the same IP. How can I find out who''s changed MAC?

Hi all CentOS users, I have writing shell script for check oracle processes in real time and alert with e-mail. I read script like below NUMBEROFPRO=/oracle/10.2.0/db_1/bin/sqlplus / as sysdba <<EOF1 |grep processes|awk '{print $2}' SELECT resource_name,current_utilization,limit_value FROM V\$RESOURCE_LIMIT WHERE RESOURCE_NAME IN ('processes','sessions'); quit EOF1

Can you do this? I have not found the options to get this to happen. So far I have seen how to read the Audio CD and make a directory of WAV files with a control file for later burning to CD, but I want an iso image that I can archive and burn audio CDs to use as they get used up.