Displaying 20 results from an estimated 10000 matches similar to: "centos 6 + hardened php"
2008 Feb 15
4
Hardened PHP? Suhosin patch?
Hi,
I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla,
PHPMyAdmin), and I'm not always comforted about security. I don't know
the details, but many a security expert frowns when it comes to PHP.
Now I just stumbled over this:
http://www.hardened-php.net/suhosin.127.html
Has anyone already tried this out? An opinion about it? Is it worth it?
Since I have to
2015 Apr 22
1
SIG - Hardening
I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.)
The examples of the opener show this.
Something else could be integrity checking possibly.
I imagine a tool/script that could apply hardening stuff.
Regards
Tim
Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>:
>Sounds
2015 Oct 30
2
disable ZTS in php
Yeah Erro, ok you have a point. I'll do that. Thanks!
On Fri, Oct 30, 2015 at 11:40 AM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> This is really wrong way to do this. Install yum-utils and use
> yumdownloader --source package-name to get rhel version of package. Then
> modify spec file and recompile.
>
> Eero
> Hey guys,
>
> I'm trying to disable
2011 Mar 14
3
any tutorial/how to for su-exec php under selinux on centos 5?
Hi,
Any good tutorial how to setup su-exec php unders selinux on centos 5?
--
Eero
2015 Apr 22
2
SIG - Hardening
SELinux?
On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote:
> On 4/21/2015 11:34 PM, Eero Volotinen wrote:
>
>> apply also ideas from this document:
>> https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130
>>
>
> that should be your baseline. I suspect you'll find all the things you
> mentioned are discussed in
2016 Apr 01
2
Libreswan PEM format
I generated according to the docs . Which produced
my server.secrets as below
used the command
ipsec newhostkey --configdir /etc/ipsec.d --output
/etc/ipsec.d/www.example.com.secrets
: RSA {
# RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
# for signatures only, UNSAFE FOR ENCRYPTION
2015 Apr 16
2
Centos 5 & tls v1.2, v1.1
in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5
--
Eero
2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>:
> well. this hack solution might work:
> http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html
>
> --
> Eero
>
> 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at
2016 Apr 01
2
Libreswan PEM format
Just trying to follow the instructions here
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
I don't think I am doing anything special.
At the point where there is some communication going on
Getting this error
packet from *****:1024: received Vendor ID payload [Cisco-Unity]
Apr 01 17:33:44
2016 Mar 21
2
IPSec multiple VPN setups
Err. Sounds like security nightmare.
21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti:
> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
> >
2016 Apr 01
5
Libreswan PEM format
Sorry but I have looked for over two days. Trying every command I could find.
There is obviously a misunderstanding somewhere.
After generating a key pair with
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
I exported to a file with
ipsec showhostkey --ipseckey > file
The man pages says
ipsec showhostkey outputs in ipsec.conf(5) format,
Ie
***.server.net.
2016 Mar 21
4
IPSec multiple VPN setups
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..
--
Eero
2016-03-21 20:33 GMT+02:00 <m.roth at 5-cent.us>:
> Glenn Pierce wrote:
> > I asked about upgrading once and got no reply. Does anyone have
> experience
> > of having a hosted centos upgraded on a virtual server. Would you usually
2015 Apr 16
2
Centos 5 & tls v1.2, v1.1
Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>:
> Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>:
>> Is there any nice way to get tlsv1.2 support to centos 5?
>> upgrading os to 6 is not option available.
>
>
> Unfortunately not.
https://bugzilla.redhat.com/show_bug.cgi?id=1066914
--
LF
2015 Apr 17
4
Centos 5 & tls v1.2, v1.1
Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2
and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest"
solution.
--
Eero
2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>:
> On 04/16/2015 05:00 PM, Eero Volotinen wrote:
> > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5
> >
> > --
>
2016 Apr 01
2
Libreswan PEM format
I have tried
openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
I get
unable to load Private Key
140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
On 1 April 2016 at 13:59, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> You can do any kind of format conversions with openssl commandline client.
>
2016 Jan 22
1
回复: How to get UEFI setting by shell?
Hi,volotinen:
as it mentioned in your web link:
"Your on the right track your module need to be signed", my question how to sign test_file_system.ko?
thanks,
w.k.
------------------ ???? ------------------
???: "eero.volotinen";<eero.volotinen at iki.fi>;
????: 2016?1?22?(???) ??3:42
???: "CentOS mailing list"<centos at
2015 Nov 21
3
Urgent Help
My boot folder has only rescue vm. How to get actual vm?
Shiva Prasad Nath
92981134
On Sun, Nov 22, 2015 at 12:43 AM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> Using rescue mode or some other rescuecd..
>
> Eero
> 21.11.2015 6.41 ip. "Siva Prasad Nath" <shivaprasadnath21 at gmail.com>
> kirjoitti:
>
> > Hi,
> > From yesterday my
2015 Mar 02
4
selinux allow FTP
2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>:
> >
> > errr, I meant, sftp, not rscp
>
>
> Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow
> regular ol' FTP using SELinux? Or does that just defeat the purpose of
> having a secure SELlinux server entirely?
>
FTP is not safe as it does not encrypt username(s)
2015 Jun 08
1
could not insert 'fuse' error on CentOS 7.1
This looka good: https://github.com/juliogonzalez/s3fs-fuse-rpm
Eero
7.6.2015 4.23 ip. "Tim Dunphy" <bluethundr at gmail.com> kirjoitti:
> >
> > Centos 7 base repo contains fuse, use it. it works. handcompiling
> packages
> > to centos is *really* stupid, without proper knowledge..
>
>
> Thanks, you're right. The Centos 7 package works.
>
>
2016 Mar 21
3
IPSec multiple VPN setups
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero
21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti:
> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com>
> wrote:
>
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now
2015 Nov 13
2
Fresh installation using usb
?
20151113_123827.mp4
<https://drive.google.com/file/d/0BwbqyaG4rXrCUXNfTWI3ZEk4N1k/view?usp=drive_web>
?We are using R630. Do you think it is better to install from DVD?
Few times I waited for a long time. Bar was not moving in the screen.
Please refer to the video.
On Friday, November 13, 2015, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> what is model of your poweredge