similar to: IPTABLES and Hi-Risk blocking

Can anyone offer informed comments on the relative merits of choosing xen over vmware server, or vice versa? The target OS would all be CentOS4.2 or later as they become available. The host hardware would all be 2.8GHz i86-P4 with 250 GB IDE drives and 2 GB RAM. Regards, Jim -- *** e-mail is not a secure channel *** mailto:byrnejb.<token>@harte-lyne.ca James B. Byrne

Hit reply instead of reply all. This is for the list. -------------------------- Original Message -------------------------- Subject: Re: [CentOS] Can one construct an IPTables rule to block on NS records? From: "James B. Byrne" <byrnejb at harte-lyne.ca> Date: Wed, October 7, 2015 08:52 To: "John R Pierce" <pierce at hogranch.com>

On Mon, December 7, 2015 13:41, Matthew Miller wrote: > On Fri, Dec 04, 2015 at 09:03:50AM -0500, James B. Byrne wrote: >> On Thu, Dec 03, 2015 at 02:50:38PM -0500, m.roth at 5-cent.us wrote: >> > For laptops, great. For anything else, not so much. For example, >> > it's supposed to be an *ENTERPRISE* o/s... why does it >> > automatically, without ever

Is the maximum permitted value for --hitcount documented anywhere? I reliably get a iptables-restore error when I specify a hitcount value greater than 20 but I cannot find any mention of there being a maximum value. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited

On Wed, June 24, 2015 16:11, Chuck Campbell wrote: > > Is there an easy to follow "howto" for normal LVM administration > tasks. I get tired of googling every-time I have to do something > I don't remember how to do regarding LVM, so I usually just > don't bother with it at all. > > I believe it has some benefit for my use cases, but I've been >

This is the same origin that I reported on earlier. Apparently asking for an explanation of why they were probing our sites only encouraged them to make additional attempts. sshd: Authentication Failures: unknown (ip-173-201-178-18.ip.secureserver.net): 2 Time(s) unknown (ip-97-74-196-33.ip.secureserver.net): 2 Time(s) unknown (ip-97-74-202-95.ip.secureserver.net): 2

I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option. I determined that none of my backed up configuration files going back to October will load either. This is more than passing strange because I altered and uploaded the iptables configuration on this host several

On Mon, January 25, 2016 19:12, Benjamin Smith wrote: > > Which I'd consider "best practices" and we do them. > They are specifically asking about what to do *after* a > breach. Despite all the best practices in > place, there's *still* some risk. > If someone wants in to your network then they will get in. There is no point in deluding yourself or your

Would someone please explain to me the difference in effect between the following two IPTABLES conditions and the significance thereof in concurrent connection limiting? --tcp-flags SYN,ACK,FIN,RST SYN -j REJECT \ --connlimit-above 3 --connlimit-mask 32 --state NEW -j REJECT \ --connlimit-above 3 --connlimit-mask 32 -- *** e-Mail is NOT a SECURE channel *** Do

It appears likely that within the next two quarters we will be moving off of our IPv4 class C's and onto a single IPv6 /40 for our sites. We have a fairly complex IPTables setup which handles our gateways and internal hosts. My question is just how much effort is involved in moving these rules from IPv4 to IPv6? Are there elements in one that are not available in the other? Are there any

I am experimenting with a kvm virtual machine. At the moment I trying to configure iptables for the the host instance. In Xen terms I would call this Dom0 but I do not know the appropriate KVM term, if any. The setup I have is a single NIC (eth0) host bridged (bridge0). I want iptables to allow all host generated traffic (! bridge0 I think) and to check all other traffic for brute force

Postfix on CentOS-6.2 evidently does not use upstart style configurations. The author evidently has no plans on altering Postfix's structure to accommodate upstart any time soon, if ever (http://tech.groups.yahoo.com/group/postfix-users/message/274670). Thus Postfix starts and stops using a sysvinit style script. Nonetheless, I have an upstart configuration that I wish to be dependent upon

I changed the entries in smb4.conf (smb.conf) to this: [global] . . . dns update command = /usr/local/sbin/samba_dnsupdate nsupdate command = /usr/local/bin/samba-nsupdate -d -g And this is what results when I run: samba_dnsupdate --verbose -d8 --all-names . . . update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca

I am testing DC administration using samba-4.10.15 on FreeBSD-12.1p6 and have run across this: [root at smb4-2 ~ (master)]# samba-tool domain join BROCKLEY.HARTE-LYNE.CA DC -U"BROCKLEY\administrator" INFO 2020-06-25 14:26:10,692 pid:47306 /usr/local/lib/python3.7/site-packages/samba/join.py #104: Finding a writeable DC for domain 'BROCKLEY.HARTE-LYNE.CA' INFO 2020-06-25

This is all the diagnostic information I can think of at the moment: [root at smb4-1 ~ (master)]# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: administrator at BROCKLEY.HARTE-LYNE.CA Issued Expires Principal Jul 2 10:35:11 2020 Jul 2 20:35:11 2020 krbtgt/BROCKLEY.HARTE-LYNE.CA at BROCKLEY.HARTE-LYNE.CA [root at smb4-1 ~ (master)]# grep nsup

> Could be because you added the wrong line to your smb4.conf (why does > freebsd call it smb4.conf ?), Why does freebsd put these things in /usr/local/etc/? Some questions have answers that are not worth the effort to know. > try: > nsupdate command = /usr/local/sbin/nsupdate -g I did catch that error earlier. But it makes no difference. samba_dnsupdate does not give any

Thank you for your patience. On Tue, June 30, 2020 16:48, Rowland penny wrote: > > From 'man smb.conf': > > nsupdate command (G) > > This option sets the path to the nsupdate command which is used for > GSS-TSIG dynamic DNS updates. > > Default: nsupdate command = /usr/bin/nsupdate -g > > dns update command (G) > > This

I have introduced some error in my dns resolution and I would like some help fixing it as I cannot seem to detect what I have done wrong. Briefly the setup is this: name servers: DNS01 - 216.185.71.33 DNS02 - 209.47.176.33 DNS03 - 216.185.71.34 DNS04 - 209.47.176.34 - offline DNS01 is a master DNS02-04 are slaves of 216.185.71.33 All are listed as authoritative for the zone test.com The

On 07/07/2020 20:00, James B. Byrne via samba wrote: > I have this on the DC smb4-1.brockley.harte-lyne.ca: > > samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca > ALL -U administrator > Password for [BROCKLEY\administrator]: > Name=, Records=6, Children=0 > SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, >

I have this on the DC smb4-1.brockley.harte-lyne.ca: samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=6, Children=0 SOA: serial=7, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=support.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600)