similar to: noexec tmp directory

Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in solaris land forever and a day and this is a pretty standard security measure. I noticed CentOS comes default mounting /tmp with both those options allowed.. I'm getting constant php hack attacks against (mostly script kiddie level stuff right now) my server and will rest much easier with this setting in place..

On 06/10/2013 01:41 PM, pr.G wrote: > On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote: >> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: >>> On 06/09/2013 08:14 PM, pr.G wrote: >>>> Hello. >>>> >>>> Is it possible to start container via libvirt_lxc without mounting /sys >>>> inside container?

Hello! How do i get pass this error? offlinehacker:~/ $ virsh --debug 0 -c lxc:/// create o1.xml create: file(optdata): o1.xml error: Failed to create domain from o1.xml error: internal error: No valid cgroup for machine c1 My cgroups seem to be mounted: cgroup on /sys/fs/cgroup/systemd type cgroup

Hi all Each lxc container on node have mounted tmpfs for cgroups tree: [root-inside-lxc@tst1 ~]# mount | grep cgroups cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on

i'm experimenting with some basic removable media mounting exercises for an upcoming class, and i read that, while you can use gconf-editor to change some of the mount options in cases like that, there is no way to override the mount options of nodev, noexec and nosuid. for example, that claim is made here (admittedly for fedora, but it appears to be true for centos as well):

This is yet-another reason to _partition_ your disks. Of course hard links do not work accross filesystems. Even thought it is a pain in the neck to do when installing your operating system, think about separating critical system files from non-critical and non-system files from system files. I would say that the following layout is a good place to start: / /usr (nosuid,nodev,ro) /usr/local

I noticed after my install that the tmp directory was A- not a sticky B- still executable I went and changed etc/fstab to add loop,noexec,nosuid,rw, which I hope is the right thing to do. I rebooted and it looks like it worked. When doing an ls -l on the main directory, the tmp folder lit up all green in putty (cool, I hope) But the chmods I did with winscp will not take effect (they do on

Hi! I am using xen-tools version: 3.9-4 to create domUs: 1. time xen-create-image --verbose --dist=lenny --install-source=/mnt/xen-file-images/lenny-64-template-debootstrap-30Jun09-fix2.tar --hostname dummy --ip xxx.xxx.xxx.xxx --force 2. xm create dummy.cfg Then I get the message Device /dev/vg0/dummy-disk is mounted in the privileged domain, and so cannot be mounted by a guest. 3. When I

Hi Samba List, I am finding a strange problem between a mount samba directory. Any clues why this is happening? The server side is WD MyBook World Edition II and the export directory is: /shares/internal/Music/ on the client site I am mounting the directory to /mnt/mybook-music the client is an ubuntu server $ uname -a Linux tsunami 2.6.24-22-generic #1 SMP Mon Nov 24 18:32:42 UTC 2008

Sorry for the delayed response, Louis, I'm not sure how to tell about having "cifs/UPN" - Please advise. I was able to mount with sec=krb5 after the user is logged in but that does not help getting "home" mounted during the login. But here is where I am now: I have been able to pam_mount "home" during the login but could not get the ACLs during the mount

Rowland, How would I find this info? Check if 'Rachel Jones' has a 'gecos' attribute in AD. You seem to be being denied access to '.Xauthority', was it created on another machine ? No However, I am sure '-13' usually means incorrect password. I am sure the password is correct, the /mnt/home/rachel folder is created but the user files are not created because

On 12/31/2015 10:34 AM, Rowland penny wrote: > On 31/12/15 15:27, James wrote: >> On 12/31/2015 10:10 AM, Rowland penny wrote: >>> On 31/12/15 14:43, James wrote: >>>> On 12/30/2015 4:14 PM, Rowland penny wrote: >>>>> ./configure --prefix=/usr --mandir=/usr/share/man >>>>> --infodir=/usr/share/info --sysconfdir=/etc/bind

Hi samba List, I am finding a strange problem between a mount samba directory. Any clues why this is happening? I have two servers. The samba server is a Western Digital World Edition II (2) server. The samba client (server) is running Ubuntu-kernel linux-2.6.24-22-generic The samba server is exporting the directory: /shares/internal/Music/ The client is mounting the exported directory to

Hi I''m looking into forensic aspects of ZFS, in particular ways to use ZFS tools to investigate ZFS file systems without writing to the pools. I''m working on a test suite of file system images within VTOC partitions. At the moment, these only have 1 file system per pool per VTOC partition for simplicity''s sake, and I''m using Solaris 10 6/06, which may not

On Wed, February 15, 2017 10:22 am, Chris Adams wrote: > Once upon a time, Leonard den Ottolander <leonard at den.ottolander.nl> said: >> On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote: >> > 2. They already have shell access on the machine in question and they >> > can already run anything in that shell that they can run via what you >> > are

Hi, I was trying to rebuild world on a FreeBSD 10 test system, that I had just installed. ZFS root was setup. I let the installation program do all the ZFS setup and configuration. I put root on a 5 disk encrypted raidz array. Besides the installer configuring 5 times the amount of swap space I asked for (asked for 8gb, installer put 8gb on each drive, for 40gb in total.) everything was working

Hello, I've been playing a bit with the "noexec" flag for filesystems. It can represent a substantial obstacle against the exploitation of security holes. However, I think it's not perfect yet. First thing, an attempt to execute a program from a noexec-mounted filesystem should be logged. It is either a very significant security event, or it can drive nuts an

On 12/31/2015 11:01 AM, Reindl Harald wrote: > > > Am 31.12.2015 um 16:51 schrieb James: >> I forgot, I do not want to update the distro at the moment. My >> production is currently on 12.04. Want to keep things symmetrical. I'm >> going to compile and build bind again. >> >> mount | grep /run >> tmpfs on /run type tmpfs

Hi list, I've browsed through the archives, but I didn't find a answer for this: I use smbclient to access a windowsNT 4.0 server. I get only '?' for filenames which contains Umlauts. F.e., a file called "Verkn?pfung" is displayed as "Verkn?pfung". I use following mount-string: mount.smbfs //SERVER/Share /home/xxx -o rw noexec nosuid nodev user codepage

On 25/09/2020 12:55, Robert Wooden wrote: > Thanks Dr, Naumer and Rowland. > > Although still not quite correct, my pam_mount.conf.xml looks like: > root at lws4:~# cat /etc/security/pam_mount.conf.xml > <debug enable="1" /> > <volume fstype="fuse" > server="mbr04.subdom.example.com <http://mbr04.subdom.example.com>" >