similar to: Advice for Internet facing Mailserver

ever since implementing the no-recursion-on-outside queries fix on one of my name servers, my logwatch emails have been 10-20MB/day, filled with crud like... client 10.191.192.212 query (cache) 'm.777.liyuanxi.com/A/IN' denied: 1 Time(s) client 10.192.34.96 query (cache) 'dyjwntl.www.0411gogo.com/A/IN' denied: 1 Time(s) client 10.192.43.105 query (cache)

Someone recently suggested building a system for automatically testing student's R programs. They would upload them to our Virtual Learning Environment, which would then run the code on some inputs and see if it got the right output. If it does, the student scores points for that course. My first thought was "you want to run unchecked, student-submitted code on a server that has access

Hi. This is mostly hypothetical, just because I want to see how knowledgeable people would go about achieving it: I want to sandbox Mozilla Firefox. For the sake of example, I'm running it under my own user account. The idea is that it should be allowed to connect to the X server, it should be allowed to write to ~/.mozilla and /tmp. I expect some configurations would want access to audio

Dear folks, It seems that doing bind() inside a jail (whose IP address is an outside address), will result in some wierd behavior, that the actual bind is done on the outside address. For example, binding to 127.0.0.1:6666 inside a jail addressed 192.168.1.1, will finally result in a bind to 192.168.1.1:6666. With this in mind, it is possible that some formerly secure configuration fail in jail

Hello: I have been looking into projects that will automatically restrict hacking attempts on my servers running CentOS 5. I think the two top contenders are: DenyHosts - http://denyhosts.sourceforge.net Fail2ban - http://www.fail2ban.org >From what I see, DenyHosts only blocks based on failed SSH attempts whereas Fail2ban blocks failed attempts for other access as well. The main benefit

Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the "yum-updatesd" service running to pull down and install updates as soon as they become available from the repository. (Assume further the password is strong, etc.) On the other hand, suppose that as the admin, I'm not subscribed to any security alert mailing lists which send

Hi, after reading the docs (no man page) and seeing a few example howtos, I see none for Centos specifically. I hereby offer to write this and even host it, and any other wiki-able howto you want, if you can school me on the first few steps relevant to how to link up the current rpmforge rpm for RHEL4-64. See, right now, the one for centos loads into the /usr/share/doc, which is an odd place

Hello, I've installed denyhosts on centos 5.3 trying to block automated attacks on ssh. It appears to be working in that entries are being added to /etc/hosts.deny yet the daily emails sent from denyhosts show only one ip being added perday when the total is many more than that. My config is below, i've gone over it and am not seeing what i missed. Suggestions welcome. I was also

I received this message today, and remembered, you can't do that... $ doveadm pw -s SHA512-CRYPT Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such file or directory </pre> It seems if you have no tty, you can't create a password. Surely there is a better way to do this? Looking at the code, it's trying to open the tty and turn off echo. For the

Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? Thanks! -Eugene

There are 4 options in ASTCC routes, when I go to edit a route. How does that work? Thanks __________________________________ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can

Hi, i have one centos 4.3 box, exposed to the internet. since several weeks ago, i found numerous attemps to connect through SSH, but failed. they tried with many username, including root. it's comes from different IP. some of them are foreign website. How do i make my centos become smarter in handling this kind of attacks. eventhough i've disable all the user accounts, left only the

I'd like to see a feature of the commercial ssh in openssh: AllowHosts xxx.yyy.xxx.yyy *.domain.net DenyHosts xxx.yyy.xxx.* name.domain.net This allows or denies connects from certain machines (including wildcard matching). Is there any chance for this feature to be included? No, we don't want to use tcp-wrapper for this. Bye.

Hi, My denyhosts stop working. How do i check why isnt it working anymore for me? Thanks Oct 2 22:59:17 beyond sshd[15690]: Failed password for root from 221.7.37.142 port 49836 ssh2 Oct 2 22:59:17 beyond sshd[15692]: Received disconnect from 221.7.37.142: 11: Bye Bye Oct 2 22:59:18 beyond sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

I've setup postfix to delivered my mail to a maildir located at /var/spool/virtual_mailboxes/mydomain.com/myuser My postgresql database called 'mails' has a user table setup as follows: CREATE TABLE users ( userid VARCHAR(128) NOT NULL, password VARCHAR(128), realname VARCHAR(128), uid INTEGER NOT NULL, gid INTEGER NOT NULL, home VARCHAR(128), mail VARCHAR(255),

Hello ! I am using shorewall , it is okey. Just i like to forbid edonkey as i did for kazaa using ftwall. Thanks. Wahid.

Hi all, ?Is there any app like denyhosts[1] but intended for MySQLd service? We have a mysql ports (3306) opened for remote connections, and obviously the /var/db/mysql/machine_name.log is full of these kind of entries: ........... 936012 Connect Access denied for user 'user'@'85.19.95.10' (using password: YES) 936013 Connect Access denied for user

Hello everyone, I''ve got a Rails app that''s going to replace an in-house application, where the customers are used to having to deal with maintaining their own servers and data. As these are non-IT customers, maintaining servers and data is a long way from their core business and thus quite costly for them. I''m hoping to slice their costs by removing the requirement