similar to: centos 6 + hardened php

Hi, I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not always comforted about security. I don't know the details, but many a security expert frowns when it comes to PHP. Now I just stumbled over this: http://www.hardened-php.net/suhosin.127.html Has anyone already tried this out? An opinion about it? Is it worth it? Since I have to

I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>: >Sounds

Yeah Erro, ok you have a point. I'll do that. Thanks! On Fri, Oct 30, 2015 at 11:40 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > This is really wrong way to do this. Install yum-utils and use > yumdownloader --source package-name to get rhel version of package. Then > modify spec file and recompile. > > Eero > Hey guys, > > I'm trying to disable

Hi, Any good tutorial how to setup su-exec php unders selinux on centos 5? -- Eero

SELinux? On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote: > On 4/21/2015 11:34 PM, Eero Volotinen wrote: > >> apply also ideas from this document: >> https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 >> > > that should be your baseline. I suspect you'll find all the things you > mentioned are discussed in

I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION

in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero 2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>: > well. this hack solution might work: > http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html > > -- > Eero > > 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at

Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44

Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks > > On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote: > > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > >

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

err. upgrades? You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones.. -- Eero 2016-03-21 20:33 GMT+02:00 <m.roth at 5-cent.us>: > Glenn Pierce wrote: > > I asked about upgrading once and got no reply. Does anyone have > experience > > of having a hosted centos upgraded on a virtual server. Would you usually

Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>: > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>: >> Is there any nice way to get tlsv1.2 support to centos 5? >> upgrading os to 6 is not option available. > > > Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF

Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 04/16/2015 05:00 PM, Eero Volotinen wrote: > > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > > > -- >

I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY On 1 April 2016 at 13:59, Eero Volotinen <eero.volotinen at iki.fi> wrote: > You can do any kind of format conversions with openssl commandline client. >

Hi,volotinen: as it mentioned in your web link: "Your on the right track your module need to be signed", my question how to sign test_file_system.ko? thanks, w.k. ------------------ ???? ------------------ ???: "eero.volotinen";<eero.volotinen at iki.fi>; ????: 2016?1?22?(???) ??3:42 ???: "CentOS mailing list"<centos at

My boot folder has only rescue vm. How to get actual vm? Shiva Prasad Nath 92981134 On Sun, Nov 22, 2015 at 12:43 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Using rescue mode or some other rescuecd.. > > Eero > 21.11.2015 6.41 ip. "Siva Prasad Nath" <shivaprasadnath21 at gmail.com> > kirjoitti: > > > Hi, > > From yesterday my

2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > > > > errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? > FTP is not safe as it does not encrypt username(s)

This looka good: https://github.com/juliogonzalez/s3fs-fuse-rpm Eero 7.6.2015 4.23 ip. "Tim Dunphy" <bluethundr at gmail.com> kirjoitti: > > > > Centos 7 base repo contains fuse, use it. it works. handcompiling > packages > > to centos is *really* stupid, without proper knowledge.. > > > Thanks, you're right. The Centos 7 package works. > >

Centos 5 is still soon end of life. Using it as ipsec gateway is .. Eero 21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti: > On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> > wrote: > > > I second Eero's comment, use a new IPSec daemon. > > > > Openswan was forked and became Libreswan. Paul, now

? 20151113_123827.mp4 <https://drive.google.com/file/d/0BwbqyaG4rXrCUXNfTWI3ZEk4N1k/view?usp=drive_web> ?We are using R630. Do you think it is better to install from DVD? Few times I waited for a long time. Bar was not moving in the screen. Please refer to the video. On Friday, November 13, 2015, Eero Volotinen <eero.volotinen at iki.fi> wrote: > what is model of your poweredge