similar to: Another Fedora decision

On Wed, Feb 04, 2015 at 08:18:23AM -0800, Keith Keller wrote: > On 2015-02-04, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > > > One might question why *nix distributions insist on providing a known > > point of attack to begin with. Why does user 0 have to be called > > root? Why not beatlebailey, cinnamon or pasdecharge? > > That is more or less

On Wed, February 4, 2015 10:18 am, Keith Keller wrote: > On 2015-02-04, James B. Byrne <byrnejb at harte-lyne.ca> wrote: >> One might question why *nix distributions insist on providing a known point of attack to begin with. Why does user 0 have to be called root? Why not beatlebailey, cinnamon or pasdecharge? > > That is more or less what OS X does. User 0 still exists,

On Wed, February 4, 2015 10:35 am, Scott Robbins wrote: > On Wed, Feb 04, 2015 at 08:18:23AM -0800, Keith Keller wrote: >> On 2015-02-04, James B. Byrne <byrnejb at harte-lyne.ca> wrote: >> > >> > One might question why *nix distributions insist on providing a known >> > point of attack to begin with. Why does user 0 have to be called >> > root?

I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We

I think it well to recall that the change which instigated this tempest was not to the network operations of a RHEL based system but to the 'INSTALLER' process, Anaconda. Now, I might be off base on this but really, ask yourself: Who exactly uses an installer program? And what is the threat model being addressed by requiring that the installer set a suitably strong password for root?

On Thu, May 26, 2016 10:51, Juan Bernhard wrote: > > El 26/05/2016 a las 11:39 a.m., Valeri Galtsev escribi?: >> I guess, it is just me in general unhappy about all Linuxes >> getting much less "UNIX"y lately. > > I feel you Valerei, im switching new server instalations to FreeBSD. > Im tired to spend useful time learning new ways (systemd, firewalld, > dnf,

On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote: > Physically dragging the thread back on topic... > > I really am going crazy, trying to deal with the hourly logs from the > loghost. We've got 170+ servers and workstations... but a *very* large > percentage of what's showing up is from his bloody new fedora 22, with > its idiot systemd logging of *ever* selinux

On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote: > On 17/06/16 15:46, James B. Byrne wrote: > > > > We operate a private CA for our domain and have since 2005. We > > maintain a public CRL strictly in accordance with our CPS and have our > > own OID assigned. Our CPS and CRL together with our active, expired > > and revoked certificate inventory is

On Fri, June 17, 2016 12:31, Valeri Galtsev wrote: > > On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > >> Keys issued to individuals certainly should have short time limits >> on them. In the same way that user accounts on systems should >> always have a near term expiry date set. People are careless. >> And their motivations are subject to change. >

On 2015-02-04, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > One might question why *nix distributions insist on providing a known > point of attack to begin with. Why does user 0 have to be called > root? Why not beatlebailey, cinnamon or pasdecharge? That is more or less what OS X does. User 0 still exists, and it's labelled as "root", but there is no

While attempting to debug something else I ran across this: ssh -vvv somehost . . . debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/identity-cert type -1 debug3: Not a RSA1 key file /root/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing

On Thu, June 16, 2016 13:53, Walter H. wrote: > On 15.06.2016 16:17, Warren Young wrote: >> but it also affects the other public CAs: you can???t get a >> publicly-trusted cert for a machine without a publicly-recognized >> and -visible domain name. For that, you still need to use >> self-signed certs or certs signed by a private CA. >> > A private CA is the

On Fri, March 10, 2017 9:52 am, Warren Young wrote: > On Mar 10, 2017, at 6:32 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: >> >> On Thu, March 9, 2017 09:46, John Hodrien wrote: >>> >>> fsck's not good at finding disk errors, it finds filesystem errors. >> >> If not fsck then what? > > badblocks(8). And I definitely will

On Fri, January 9, 2015 17:36, John R Pierce wrote: > On 1/9/2015 2:32 PM, Always Learning wrote: >> Enterprise, in the RHEL context, suggests stability or have I >> misunderstood the USA definition of "Enterprise" ? > > > Enterprise to me implies large business Enterprise literally means 'undertaking'. It has been used euphemistically since the later

On Thu, March 24, 2016 11:56, g wrote: > > > On 03/24/16 09:29, Richard wrote: >>> Date: Thursday, March 24, 2016 14:10:41 +0000 >>> From: Always Learning <centos at u64.u22.net> >>> On Wed, 2016-03-23 at 22:29 -0700, Alice Wonder wrote: >>> >>>> What purpose does it serve? I don't object to it being there >>>> but I

[root at smb4-1 ~ (master)]# samba-tool dns query localhost brockley.harte-lyne.ca brockley.harte-lyne.ca ALL -U administrator Password for [BROCKLEY\administrator]: Name=, Records=4, Children=0 SOA: serial=3, refresh=900, retry=600, expire=86400, minttl=3600, ns=SMB4-1.brockley.harte-lyne.ca., email=hostmaster.brockley.harte-lyne.ca. (flags=600000f0, serial=110, ttl=3600) NS:

Where can I find a list of the options and their usage and meanings for the contents of this file? Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada

On Thu, March 9, 2017 09:46, John Hodrien wrote: > On Thu, 9 Mar 2017, James B. Byrne wrote: > >> This indicated that a bad sector on the underlying disk system might >> be the source of the problem. The guests were all shutdown, a >> /forcefsck file was created on the host system, and the host system >> remotely restarted. > > fsck's not good at finding

On Sat, January 31, 2015 05:14, Johnny Hughes wrote: > On 01/30/2015 06:09 PM, Scott Robbins wrote: >> On Fri, Jan 30, 2015 at 11:27:55PM +0000, Marko Vojinovic wrote: >>> On Fri, 30 Jan 2015 14:15:05 -0800 >>> Akemi Yagi <amyagi at gmail.com> wrote: >>>> On Fri, Jan 30, 2015 at 2:04 PM, Scott Robbins >>>> <scottro at nyc.rr.com>

CentOS-6.5 (FreePBX-2.6) Asterisk-11.14.2 (FreePBX) snom870-SIP 8.7.3.25.5 I am having a very difficult time attempting to get TLS and SRTP working with Asterisk and anything else. At the moment I am trying to get TLS functioning with our Snom870 desk-sets. And I am not having much luck. Since this is an extraordinarily (to me) Byzantine environemnt I am going to ask if any of you have gotten