similar to: Dealing with brute force attacks

Message-ID: <479F2A63.2070408 at centos.org> On: Tue, 29 Jan 2008 07:30:11 -0600, Johnny Hughes <johnny at centos.org> Subject Was: [CentOS] Unknown rootkit causes compromised servers > > SOME of the script kiddies check higher ports for SSH *_BUT_* I only see > 4% of the brute force attempts to login on ports other than 22. > > I would say that dropping brute force

We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore

My test / development host runs CentOS-5.x x86_64. There I have successfully created an rpm for GiT-1.6.1-1 for x86_64. Now I would like to build the same rpm package for CentOS-5.x i386, but on the x86_64 machine. Is this even possible? If so, are there any resources that someone can refer me too that explains how? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne

I have a situation where gnome console does not handle vt102 escape sequences properly and therefor need to employ xterm instead. When I run xterm from a gnome terminal window I am presented with an extremely small terminal window employing an almost unreadably small font. I have attempted to set the font size using xrdb and a custom .Xresources file. I can change the colour scheme. I can

I need to setup HylaFax which leads to my first question, anyone got an opinion on whether or not to use HylaFax or HylaFax+? Also, I have to setup a Digi serial port server for an external fax modem. Any reco''s on a robust unit that won''t need to be reset often? Thanks! jlc

Please forgive my ignorance but I need a explanation of how to accomplish the following since I cannot figure it out from the documents. I have a Ruby script with a shebang line that looks like this: #!/usr/bin/env ruby On one particular host I have two Ruby interpreters installed; one the CentOS base version 1.8.6 in /usr/bin/ruby the other version 1.8.7 in /usr/local/bin/ruby. In my shell

I have already deployed a fax server and am about to deploy a backup system for this host at our off-site facility. It struck me that I have given no thought to securing the serial port to unauthorized access. The modem is a Multi-Tech MT5634ZBA which supports data as well as fax. So this poses the same type of risk, if not to the same degree, as an ssh or telnet port but without the

[root at smb4-1 ~ (master)]# samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=4, Children=0 SOA: serial=3, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=hostmaster.brockley.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600) NS:

Where can I find a list of the options and their usage and meanings for the contents of this file? Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since this is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten

I have a dc configured to use the samba internal dns service. The version of samba I am using is 4.10.15 packaged for FreeBSD. Its build options state this: BIND911 : off BIND916 : off , , , GSSAPI_BUILTIN : on GSSAPI_MIT : off LDAP : on . . . NSUPDATE : off My smb4.conf file contains this: [global] bind interfaces only = Yes dns forwarder =

Wed Jul 8 16:09:19 UTC 2020, Rowland penny wrote: > No, it is '@' for the name, not 'brockley.harte-lyne.ca' Previously I had tried that as well with similar results as shown below: [root at smb4-1 ~ (master)]# samba-tool dns help delete Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data> [root at smb4-1

I have this on the DC smb4-1.brockley.harte-lyne.ca: samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=6, Children=0 SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=support.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600)

I am also seeing this in smbd.log: [2020/07/03 09:20:18.211558, 1] ../../auth/kerberos/gssapi_helper.c:391(gssapi_check_packet) GSS VerifyMic failed: A token had an invalid MIC: unknown mech-code 2529638943 for mech 1 2 840 113554 1 2 2 [2020/07/03 09:20:18.211625, 0] ../../source4/auth/gensec/gensec_gssapi.c:1347(gensec_gssapi_check_packet)

I am obviously missing something basic here but can someone explain to me what is wrong with the first statement, which returns nothing? $ history | grep ^su $ history | grep su 2997 su -l 3024 su -l 3050 su -l 3054 su -l Thanks, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

On 07.07.2020 21:14, Rowland penny via samba wrote: > On 07/07/2020 20:00, James B. Byrne via samba wrote: >> I have this on the DC smb4-1.brockley.harte-lyne.ca: >> >> samba-tool dns query localhost brockley.harte-lyne.ca >> brockley.harte-lyne.ca >> ALL -U administrator >> Password for [BROCKLEY\administrator]: >> ?? Name=, Records=6, Children=0

This morning I applied the 13 or so new updates to my servers. On one of them the ssh service and clients stopped working immediately after the update. I restarted the server in anticipation that there might be some instability introduced by updating on a system with active ssh connections. However, this has not cleared the problem. The packages in question are: openssh.i386

CentOS-6.2 We moved a cron job from a CentOS-5.7 host to a CentOS-6.2 host. The MAILTO variable is set to support at harte-lyne.ca in both instances. On the CentOS-6 host instead of receiving the mail with the output we see this in /var/log/cron instead: Mar 12 14:49:01 inet09 CROND[6639]: (cron theheart) UNSAFE (support at harte-lyne.ca ) The CentOS-5 host uses Sendmail as the MTA, the

On Wed Jul 8 14:05:32 UTC 2020, L.P.H. van Belle wrote: > The original DNS, was that a Windows 2003 or lower server? > > Because this looks familiar. > (&(flatname=BROCKLEY)(objectclass=primaryDomain))' base: 'cn=Primary Domains': > No such object: dsdb_search... All the Samba service I am working with are test platforms and have never been part of or received data

Samba-4.11.8 on FreeBSd-12.1p5 How does one list all of the actual DNS records for Samba administered zones, forward and reverse? When I use the dns query option of samba-tool I get a summary but no detail: samba-tool dns query localhost brockley.harte-lyne.ca @ ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=3, Children=0 SOA: serial=1, refresh=900, retry=600,