similar to: Simple way to banish IP addresses ?

Hi, I've recently setup a new server for our public libraries. For the last two years, this has been my first "big" job, since it involves networking eleven small to medium size public libraries. There was a hiccup some time ago when the administration hiring me wanted to do it on their own, but it took them less than two weeks to get the server hacked and lose everything. So

Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? Thanks! -Eugene

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can

Hi, I'm running CentOS 7 on an Internet-facing server. SELinux is in permissive mode for debugging. I've removed FirewallD and replaced it with a custom-made Iptables script. I've also installed and configured Fail2ban (fail2ban-server package) to protect the server from brute force attacks. Out of the box, Fail2ban doesn't seem to play well with SELinux. Here's what I

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

Hi, I'm currently installing a CentOS 5 desktop as a public internet access point. The machine shuts down every day automatically at 22:30. Is there a way I can display a message in GNOME at 22:15 warning the user that the machine will shutdown in 15 minutes ? Any suggestions ? Niki Kovacs

Le 18/02/2015 09:24, Michael Volz a ?crit : > Hi Niki, > > md127 apparently only uses 81.95GB per disk. Maybe one of the partitions has the wrong size. What's the output of lsblk? [root at nestor:~] # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 232,9G 0 disk ??sda1 8:1 0 3,9G 0 part ? ??md126 9:126 0 3,9G 0 raid1 [SWAP] ??sda2 8:2

Hi, I'm using the SquidAnalyzer network analysis tool in combination with Squid. Up until now, I've been running Slackware Linux on my servers. I built a custom package that installs SquidAnalyzer to /var/www/vhosts/squidreport/html. Then I setup an Apache virtual host for SquidAnalyzer's pages. Since I'm migrating my servers from Slackware to CentOS, I'd like to build a

Hi, Until last week, I could install a CentOS 7 based desktop using the following approach: 1. Install minimal system. 2. yum groupinstall "X Window System" 3. yum install gdm gnome-classic-session gnome-terminal liberation-fonts 4. Install applications as needed. This morning, the package group "X Window System" seems to have disappeared. This is embarrassing. What

Hi, What's the most simple way to check if my microphone works on a plain CentOS 5.3 desktop? Is there a simple way, for example, to record voice into a simple .wav file? Niki

Hi, Until now, I've only managed local user management on small network with no more than five or six machines, e. g. all user data stored locally on each and every machine (/etc/passwd, /etc/shadow, /etc/group). Now I'd like to learn remote identity management, that is, all user data stored centrally on one machine (so I don't have to wonder who has which UID and GID when I want

Hi, Is there any 'explodepkg' equivalent for the rpm command? What I want is simply uncompress an RPM package to get the files directly, but I didn't find anything in rpm's manpage. Cheers, Niki Kovacs

Hi, I'm looking for recommendations for documentation about the specificities of RHEL/CentOS 7.x. It can be either online or in printed book format, and I'm fluent in german, french and english. I have a good books about 5.x: "RHEL 5 Unleashed" from Sams, "Foundations of CentOS Linux" and "The Definitive Guide to CentOS", both from Apress. Can anyone

Hi, Is there any way I can read a .docx file on my CentOS desktop ? Cheers, Niki

Hi, I'm running a small business (http://www.microlinux.fr) offering various services around GNU/Linux, among which migrating folks from Windows to Linux. On server and desktops, I'm using CentOS exclusively. I know, Fedora would be more suitable, but I like the solidity of CentOS, and I can always build the odd missing bits myself from Fedora SRPMS. My heavily customized

Hi, I'm currently fiddling with G4U (Ghost for Unix), and I need to setup a local FTP server in order to get it to work. # yum groupinstall "FTP Server" --> installed vsftpd Here's what I'd like to do : * no anonymous access * only one user (user 'install' / pass 'install') The machine I'm installing it on has a static IP ok

Hi, I've been running Squid successfully on CentOS 7 (and before that on 6 and 5), and it's always been running nicely. I've been using it mostly as a transparent proxy filter in school networks. So far, I've only been able to filter HTTP. Do any of you do transparent HTTPS filtering ? Any suggestions, advice, caveats, do's and don'ts ? Cheers from the snowy South of

Hi, I have a bit of a tricky question about rsync. Let's say I want to backup a bunch of configuration files with rsync, in a script. What I don't want to do : a full snapshot of /etc. What I want to do : backup only those files I need, in an otherwise empty directory tree. In my script, I'd begin with a list of the files I effectively want to backup. Something like :

Hi, To get my system on time, I usually issue these two commands: # ntpdate de.pool.ntp.org # hwclock -w And when I want this to be done on startup, I put the two lines in rc.local. I wonder if this is an orthodox way to do things. Or is there something more appropriate? Niki Kovacs

Hi, I recently made a CentOS install on a machine with an unsupported network card. I had to add the driver for it later, once I finished the install. For now I have this: [kikinovak at localhost ~]$ hostname --fqdn localhost.localdomain Q: how would I change this to something like calimero.local? Here's what I *would* do, but I prefer to ask before. 1) edit /etc/sysconfig/network and