similar to: CentOS-docs Digest, Vol 95, Issue 2

In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the only one that can use ports below 1024. Root is the only user that can listen to that port or do

Hello, I would like permission to contribute information to the wiki... Username: CaseyDoyle To append an additional method for ssh blocking with firewallD: Page: https://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec Suggest to add the following info to it pertinent section: ------ 6. Filter SSH at the Firewall complementary to iptables method,

This was sent to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi TImothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables

HI all, 1st time contributor here. I was using the guide on securing SSH, and noticed that the firewall-cmd snippets for filtering by requests per time seem somewhat outdated. From what I can tell the given snippets, relay arguments directly down to iptables, and do not cover both IPv4 and v6. (and in fact when attempting to extend to v6 the firewall would fail to reload). I came up with an

generalizing somewhat from my earlier note about the "securing SSH" page: http://wiki.centos.org/HowTos/Network/SecuringSSH i don't know what level of intro a page like that should have but when i've presented things like this to classes i've taught, or written short online tutorials, the very first thing i document are the packages involved. in this case, the first

> On 12/02/15 20:03, Warren Young wrote: > > Hi, just a quick note to whoever is maintaining this page: > > > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > > > The procedure is missing the firewall-cmd calls necessary in EL7: > > > > firewall-cmd --add-port 2345/tcp > > firewall-cmd --add-port 2345/tcp --permanent > > This

Thank you, I've gone in and made the listed changes changed firewalld sections to use services instead of just port numbers. -- Kimee On Wed, 2019-04-24 at 17:05 -0700, Akemi Yagi wrote: > On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model > <kimee.i.model at gmail.com> wrote: > > > > HI all, > > > > 1st time contributor here. I was using the

Hi, I would like to add a small section about "Banners" to "Securing OpenSSH" and then link it to the "Banner Files". Any objections ? or is this a task for the author ? Kind regards Mats Ref.: http://wiki.centos.org/HowTos/Network/SecuringSSH http://wiki.centos.org/TipsAndTricks/BannerFiles

On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model <kimee.i.model at gmail.com> wrote: > > HI all, > > 1st time contributor here. I was using the guide on securing SSH, and > noticed that the firewall-cmd snippets for filtering by requests per > time seem somewhat outdated. From what I can tell the given snippets, > relay arguments directly down to iptables, and do

Hi there, Wouldn't that be a better solution to create a custom xml file to put in /etc/firewalld and load that "ssh-custom" service instead ? Thanks On 26/04/2019, Kimberlee Integer Model <kimee.i.model at gmail.com> wrote: > Thank you, I've gone in and made the listed changes changed firewalld > sections to use services instead of just port numbers. > > --

No, I think the rules you created might have a better place in a custom xml file instead of being given to firewall cmd directly :) On Fri, 26 Apr 2019 at 23:01, Kimberlee Integer Model < kimee.i.model at gmail.com> wrote: > I'm not sure I follow, you just think the modified one should be called > "ssh-custom", or you think there shouldn't be a modified service file

I was attempting the same on a local sandbox and also have the same problem. Current: 3.8.4 Volume Name: shchst01 Type: Distributed-Replicate Volume ID: bcd53e52-cde6-4e58-85f9-71d230b7b0d3 Status: Started Snapshot Count: 0 Number of Bricks: 4 x 3 = 12 Transport-type: tcp Bricks: Brick1: shchhv01-sto:/data/brick3/shchst01 Brick2: shchhv02-sto:/data/brick3/shchst01 Brick3:

I'm not sure I follow, you just think the modified one should be called "ssh-custom", or you think there shouldn't be a modified service file at all? -- Kimee On Fri, 2019-04-26 at 19:46 +0200, Thibaut Perrin wrote: > Hi there, > > Wouldn't that be a better solution to create a custom xml file to put > in /etc/firewalld and load that "ssh-custom"

Yes Atin. I'll take a look. On Wed, Dec 20, 2017 at 11:28 AM, Atin Mukherjee <amukherj at redhat.com> wrote: > Looks like a bug as I see tier-enabled = 0 is an additional entry in the > info file in shchhv01. As per the code, this field should be written into > the glusterd store if the op-version is >= 30706 . What I am guessing is > since we didn't have the commit

Thibaut, I did a little more reading, and according to both firewalld.service(5) and firewalld.org the service XML files, can only handle source/destination/port, and cannot handle the actions to be performed. I will update where possible to use the service files, but log/accept limit will still need to be encoded in rich rules. -- Kimee On Mon, 2019-04-29 at 20:43 -0400, Kimberlee Integer Model

Looks like a bug as I see tier-enabled = 0 is an additional entry in the info file in shchhv01. As per the code, this field should be written into the glusterd store if the op-version is >= 30706 . What I am guessing is since we didn't have the commit 33f8703a1 "glusterd: regenerate volfiles on op-version bump up" in 3.8.4 while bumping up the op-version the info and volfiles were

Hi, I propose to add a Q and A to the FAQ section of the SecuringSSH HowTo<https://wiki.centos.org/HowTos/Network/SecuringSSH> documenting the business of setting setsebool -P use_nfs_home_dirs 1 to allow public key authentication between machines that share nfs home directories as per https://www.centos.org/forums/viewtopic.php?t=49194 could I get editing rights to that page? Thanks

Hi, I'm trying to use the current version of dovecot as the IMAP server for Kolab and things seem to be working more or less OK, but while working on it I've found a dovecot bug that can probably be fixed quickly by someone familiar with the code. I've found the problem using shared folders, but it is related to ACLs and METADATA. The problem appears when a user only has the

Hola lista he estado trabajando el la traducci?n de la pagina de la wiki http://wiki.centos.org/HowTos/Network/SecuringSSH pues estuve hablando con Alain Reguera y me dijo que pusiera las traducciones que hiciera ac? para que lo revisaran, bueno no se como funciona bien esta lista pero ah? les mando la traducci?n para que la revisen y me den sus opiniones y despu?s me digan como hago para ponerla

Ah. I understand now. I was considering roughly the same, but wasn't sure whether that or rich rules was preferable. -- Kimee On Sat, 2019-04-27 at 01:39 +0200, Thibaut Perrin wrote: > No, I think the rules you created might have a better place in a > custom xml file instead of being given to firewall cmd directly :) > > On Fri, 26 Apr 2019 at 23:01, Kimberlee Integer Model