similar to: Another Fedora decision

I think it well to recall that the change which instigated this tempest was not to the network operations of a RHEL based system but to the 'INSTALLER' process, Anaconda. Now, I might be off base on this but really, ask yourself: Who exactly uses an installer program? And what is the threat model being addressed by requiring that the installer set a suitably strong password for root?

On Sun, January 24, 2016 11:45, Peter Duffy wrote: > > Trouble is that when you go from 6 to 7, you also have the delights of > systemd and grub 2 to contend with. > . . . > Similarly with others who have commented, I simply cannot > understand why the maintainers of crucial components in > linux have this thing about making vast changes which impact > (usually adversely)

I am trying to replicate a samba-4.3 DC [192.168.8.65] to a newly joined samba-4.10 DC. I am using rsync as described in the samba wiki, excepting that I am using a remote shell (ssh) with the root user and password-less logins. When I run the command below from the 4.10 DC I get acl errors as shown below. rsync -XAavz --delete-after --rsh='ssh' [192.168.8.65]:/var/db/samba4/sysvol

On Tue, February 3, 2015 14:01, Valeri Galtsev wrote: > > On Tue, February 3, 2015 12:39 pm, Les Mikesell wrote: >> On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev >> <galtsev at kicp.uchicago.edu> wrote: >>> >>> Sounds so I almost have to feel shame for securing my boxes no >>> matter what job vendor did ;-) >> >> Yes, computers and

On Mon, February 2, 2015 21:34, PatrickD Garvey wrote: > OK, folks. You're doing a great job of describing the current milieu > with a rough description of some best practices. > > Now how about some specific sources you personally used to learn your > craft that we can use likewise? > > PatrickD > > Go to http://www.ccc.de/en/. Visit and view some of the videos of

On Tue, February 10, 2015 18:28, Always Learning wrote: > > 3. The Russian's web site is that of a devote cyclist. Most of the > films on his web site are of cycling or about cycling. Most of the > oldish PDF files are about Linux and in Russian. I do not consider > his site presents a malicious danger to me. Most phishing sites do not resemble anything like what one might

On Wed, February 4, 2015 17:16, Lamar Owen wrote:. > > Now, I have seen this happen, on a system in the wild, where the very > first thing the attacker did was grab a copy of /etc/shadow, even with > an interactive reverse shell and root access being had. So even when > you recover your system from the compromise you have the risk of all > those passwords being known, and

On Sat, January 31, 2015 05:14, Johnny Hughes wrote: > On 01/30/2015 06:09 PM, Scott Robbins wrote: >> On Fri, Jan 30, 2015 at 11:27:55PM +0000, Marko Vojinovic wrote: >>> On Fri, 30 Jan 2015 14:15:05 -0800 >>> Akemi Yagi <amyagi at gmail.com> wrote: >>>> On Fri, Jan 30, 2015 at 2:04 PM, Scott Robbins >>>> <scottro at nyc.rr.com>

In-Reply-To: <f4e013870805211022r36194b29gb74ca4421dc2ee77 at mail.gmail.com> On: Wed, 21 May 2008 10:22:19 -0700, MHR <mhullrich at gmail.com> wrote: >> On Wed, May 21, 2008 at 8:37 AM, James B. Byrne <byrnejb at harte-lyne.ca> >> wrote: >> >> This indeed turned out to be an SELinux policy problem which I have since >> resolved. > > Whoa,

On Wed, February 4, 2015 16:55, Warren Young wrote: >> On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: >> >> Again, the real bruteforce danger is when your /etc/shadow is >> exfiltrated by a security vulnerability > > Unless you have misconfigured your system, anyone who can copy > /etc/shadow already has root privileges. They do not need

I apologize in advance for the subject and length of this reply. I debated just letting things pass without comment. But, security has many levels. And the first level is recognition of the threat. Whether we recognize it or not. Whether we agree of disagree with the politics that lie beneath this situation or not; Whether we consider this a non-technical issue or not; By virtue of our

I changed the entries in smb4.conf (smb.conf) to this: [global] . . . dns update command = /usr/local/sbin/samba_dnsupdate nsupdate command = /usr/local/bin/samba-nsupdate -d -g And this is what results when I run: samba_dnsupdate --verbose -d8 --all-names . . . update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca

On Wed, November 12, 2014 15:50, g wrote: > > > On 11/12/2014 10:13 AM, Les Mikesell wrote: > >> >> Well, no. Per the headers: >> >> Authentication-Results: mx.google.com; spf=neutral (google.com: >> centos-bounces at centos.org does not designate permitted sender hosts) >> smtp.mail=centos-bounces at centos.org; dkim=neutral (body hash did not

I am testing DC administration using samba-4.10.15 on FreeBSD-12.1p6 and have run across this: [root at smb4-2 ~ (master)]# samba-tool domain join BROCKLEY.HARTE-LYNE.CA DC -U"BROCKLEY\administrator" INFO 2020-06-25 14:26:10,692 pid:47306 /usr/local/lib/python3.7/site-packages/samba/join.py #104: Finding a writeable DC for domain 'BROCKLEY.HARTE-LYNE.CA' INFO 2020-06-25

This is all the diagnostic information I can think of at the moment: [root at smb4-1 ~ (master)]# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: administrator at BROCKLEY.HARTE-LYNE.CA Issued Expires Principal Jul 2 10:35:11 2020 Jul 2 20:35:11 2020 krbtgt/BROCKLEY.HARTE-LYNE.CA at BROCKLEY.HARTE-LYNE.CA [root at smb4-1 ~ (master)]# grep nsup

Respecting cloning vm guests, I see in /etc/ssh the following: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at

Respecting cloning vm guests, I see in /etc/ssh the following: ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at

> Could be because you added the wrong line to your smb4.conf (why does > freebsd call it smb4.conf ?), Why does freebsd put these things in /usr/local/etc/? Some questions have answers that are not worth the effort to know. > try: > nsupdate command = /usr/local/sbin/nsupdate -g I did catch that error earlier. But it makes no difference. samba_dnsupdate does not give any

Thank you for your patience. On Tue, June 30, 2020 16:48, Rowland penny wrote: > > From 'man smb.conf': > > nsupdate command (G) > > This option sets the path to the nsupdate command which is used for > GSS-TSIG dynamic DNS updates. > > Default: nsupdate command = /usr/bin/nsupdate -g > > dns update command (G) > > This

I have introduced some error in my dns resolution and I would like some help fixing it as I cannot seem to detect what I have done wrong. Briefly the setup is this: name servers: DNS01 - 216.185.71.33 DNS02 - 209.47.176.33 DNS03 - 216.185.71.34 DNS04 - 209.47.176.34 - offline DNS01 is a master DNS02-04 are slaves of 216.185.71.33 All are listed as authoritative for the zone test.com The