similar to: desktop lockdown on win2k / xp

What: Lockdown <http://stonean.com/projects/show/lockdown> is an authorization/authentication gem for RubyOnRails 2.x This version bundles Classy Inheritance<http://stonean.com/projects/show/classy-inheritance>to simplify the management screens. There is also a lot of template cleanup in this release. *There were no changes to the security engine.* If you have questions, please

Hi group As promised some months ago, I'm letting you know that lockdown is now ready for testing. Please don't study the code to much, I know it is a mess and therefore a rewrite is on it's way. But feel free to take a look at the features offered, how you use them and the default settings. When lockdown is ready for production usage, I'll release version 1.0. I guess that will

I'm seeing errors like this in my event viewer on win2k clients: Source MRx Smb "The master browser has received a server announcement that computer CONAN that believes it is the master browser for the domain ... The master brower is stoppong or an election is being forced." Event ID 8003 The other error that frequently occurs with this: Source: Netlogon "No Windows NT or

Hi all, I am doing some tests with my CentOS7 desktop. I have configured a policy to lockdown Chrome/Chromium browsers and it works perfectly. And I am trying to the same for Firefox browsers but Firefox's docs are really "hard" to understand. I have the following stopper points: a/ what is the "real" system wide's config file: firefox.js, sysprefs.js or

Has anyone had any issues using Cucumber with Lockdown. in the following scenario, I am logged in as an admin and so should have :all access rights, however I get the following error. Authoriztion filed! prms: {"action"=>"index", "controller"=>"admin"} session: {:expiry_time=>Wed Oct 28 13:33:43 +0000 2009,

Hi All, I''m having a bit of trouble wrapping my head around "nil_lockdown_values" in the Lockdown plugin. I''m unfamiliar with how exactly this works. I''m assuming it is a helper method of sorts, but I see no definition. Does Rails simply have the ability to nil_ [somerandomliborclass]_values? Would someone mind unconfusing me? Also, where would I find

Hi, Quoting Pol Van Aubel (2020-01-21 23:41:48) > Hi, > > Quoting Pavel Hrdina (2020-01-21 12:53:49) > > Thanks for the logs, but it did not help to figure out where the issue > > is. I was hoping to see some error output from the syscall but the line > > that should contain it is empty: > > > > 2020-01-20 19:47:15.589+0000: 8579: debug :

Hi folks :-) I'm just installing a fresh new samba server, and trying to authenticate some win xp machines. The config is more or less like this : * Windows XP SP1 with all security upgrades * Samba 3.0.0final-1 running on debian testing I'm more or less following this howto : http://hr.uoregon.edu/davidrl/samba.html#winxp I'm using this smb.conf file : --8<------- [global]

Dear OpenSSH developers, Thanks a lot for your work on OpenSSH. We use it a lot and it is very helpful for our daily work. Would it be possible to have a lockdown option as a workaround in case of a remotely exploitable problem in ssh. This may help react to compromised keys/passwords, configuration issues, software bugs or other problems for example when Debian broke ssh . My Idea would be

Hi, Quoting Pavel Hrdina (2020-01-21 12:53:49) > On Mon, Jan 20, 2020 at 09:00:15PM +0100, Pol Van Aubel wrote: > > Hi, > > > > Quoting Pavel Hrdina (2020-01-20 14:29:36) > > > On Sat, Jan 18, 2020 at 11:17:11PM +0100, Pol Van Aubel wrote: > > > > Hi all, > > > > > > > > I've disabled cgroups v1 on my system with the kernel

I only run one piece of software under wine but this app is still a great risk. The intentions and opportunity of software developers not using open source should not be underestimated. when i run env WINEPREFIX="/ubuntu/PC1/.wine" wine C:\\windows\\system32\\taskmgr.exe I am reminded again of all the security problems with windows. I was thinking that it ought to be easier to

Manon, On Thu, 4 Jul 2024 at 05:00, Manon Goo <manon.goo at dg-i.net> wrote: > My Idea would be to have a shared secret option that the client and server would have to proof to know when initiating the Handshake. The Server or client could terminate the connection immediately when the peer does not know the secret. So in case of a security Problem the administrator could set an

Dear Christian, >How is this different to configuring /etc/securetty and tunnelling >Telnet over SSH Port Forwarding which I don't recommend BTW? In case your SSH is remotely attackable for instance - because your LDAP is configured wrongly, - your run into some problem like CVE-2008-0166 - some users private keys are lost And you want to lock down the sshd and investigate and

Steffen Nurpmeso wrote in <20240714024434.vvSRh10_ at steffen%sdaoden.eu>: ... |[.]do not |know about the AI_V4MAPPED flag[.] I have read https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 but as an application developer i find it ugly not to be able to "simply do it", and get back a mapped address. --steffen | |Der Kragenbaer,

On 14/07/2024 03:49, Steffen Nurpmeso wrote: > I have read > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > but as an application developer i find it ugly not to be able to > "simply do it", and get back a mapped address. You are looking at a Internet draft which expired more than 20 years ago.

On 04.07.24 01:41, Manon Goo wrote: > - some users private keys are lost Then you go and remove the corresponding pubkeys from wherever they're configured. Seriously, even if you do not scan which pubkey is configured where *now* (as is part of our usual monitoring), it'll be your "number <3" task *then* to go hunt it down. > And you want to lock down the sshd

Gert Doering wrote in <ZpUvZQr0T-vOToo2 at greenie.muc.de>: |On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: |> On 14/07/2024 03:49, Steffen Nurpmeso wrote: |>> https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-\ |>> harmful-01 |>> |>> but as an application developer i find it ugly not to be able to |>>

Hi, On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: > On 14/07/2024 03:49, Steffen Nurpmeso wrote: > > I have read > > > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > > > but as an application developer i find it ugly not to be able to > > "simply do it", and get back a mapped address.

Simon Josefsson wrote in <87jzi1fg24.fsf at kaka.sjd.se>: |Jochen Bern <Jochen.Bern at binect.de> writes: |> (And since you mention "port knocking", I'd like to repeat how fond I |> am of upgrading that original concept to a single-packet |> crypto-armored implementation like fwknop.) | |I am reluctantly considering to use some kind of port knocking

I have an application that uses opengl. If no hardware opengl support is available it works fine (not a highend application). If opengl hw support is available on the mac platform it fails because of the not complete opengl cappabilities in xquartz. So: can I enforce the use of software opengl renderin instead of hardware rendering? If yes: how can i configure this?