similar to: unpatched local root on centos 5?

well, very sad to hear as I use commercial rhel 5 and paying for it.. Eero 2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 08/12/2015 10:43 PM, Eero Volotinen wrote: > > Hi List, > > > > Looks like this affects on centos 5 and is unpatched like on rhel 5? > > > > https://access.redhat.com/articles/1537873 > > > > Trying to

Hi List, Looks like this affects on centos 5 and is unpatched like on rhel 5? https://access.redhat.com/articles/1537873 Trying to test if this affects on centos 5. can someone compile this exploit on centos 5? https://www.qualys.com/research/security-advisories/roothelper.c any ideas how to compile it on centos 5? -- Eero

On 08/13/2015 12:41 PM, Eero Volotinen wrote: > well, very sad to hear as I use commercial rhel 5 and paying for it.. > Well, in that case, I would recommend RHEL-6 or RHEL-7 for your RHEL-5 workloads :) > > 2015-08-13 19:57 GMT+03:00 Johnny Hughes <johnny at centos.org>: > >> On 08/12/2015 10:43 PM, Eero Volotinen wrote: >>> Hi List, >>>

On 08/12/2015 10:43 PM, Eero Volotinen wrote: > Hi List, > > Looks like this affects on centos 5 and is unpatched like on rhel 5? > > https://access.redhat.com/articles/1537873 > > Trying to test if this affects on centos 5. can someone compile this > exploit on centos 5? > https://www.qualys.com/research/security-advisories/roothelper.c > > any ideas how to

I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION

in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 -- Eero 2015-04-16 21:02 GMT+03:00 Eero Volotinen <eero.volotinen at iki.fi>: > well. this hack solution might work: > http://www.tuxad.de/blog/archives/2014/11/19/openssl_updatesenhancements_for_rhel__centos_5/index.html > > -- > Eero > > 2015-04-16 17:30 GMT+03:00 Leon Fauster <leonfauster at

Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 04/16/2015 05:00 PM, Eero Volotinen wrote: > > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > > > -- >

Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *****:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44

Hi,volotinen: as it mentioned in your web link: "Your on the right track your module need to be signed", my question how to sign test_file_system.ko? thanks, w.k. ------------------ ???? ------------------ ???: "eero.volotinen";<eero.volotinen at iki.fi>; ????: 2016?1?22?(???) ??3:42 ???: "CentOS mailing list"<centos at

Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks > > On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote: > > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > >

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

Am 16.04.2015 um 11:46 schrieb Leon Fauster <leonfauster at googlemail.com>: > Am 16.04.2015 um 11:43 schrieb Eero Volotinen <eero.volotinen at iki.fi>: >> Is there any nice way to get tlsv1.2 support to centos 5? >> upgrading os to 6 is not option available. > > > Unfortunately not. https://bugzilla.redhat.com/show_bug.cgi?id=1066914 -- LF

Glenn Pierce wrote: > Yes reinstall. I get you have to purchase a new instance for a time to > move over. I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing. mark > > -----Original

I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>: >Sounds

I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY On 1 April 2016 at 13:59, Eero Volotinen <eero.volotinen at iki.fi> wrote: > You can do any kind of format conversions with openssl commandline client. >

This looka good: https://github.com/juliogonzalez/s3fs-fuse-rpm Eero 7.6.2015 4.23 ip. "Tim Dunphy" <bluethundr at gmail.com> kirjoitti: > > > > Centos 7 base repo contains fuse, use it. it works. handcompiling > packages > > to centos is *really* stupid, without proper knowledge.. > > > Thanks, you're right. The Centos 7 package works. > >

On Aug 15, 2015 13:23, Mark Milhollan <mlm at pixelgate.net> wrote: > > On Fri, 14 Aug 2015, Thomas Eriksson wrote: > > >If it's centos 6 stick 'ulimit -s' in the init script > > I suggest putting it in the sysconfig file instead, if such exists. > > Sure, but how many init scripts provide for adding an extra command via sysconfig files? Most of

? 20151113_123827.mp4 <https://drive.google.com/file/d/0BwbqyaG4rXrCUXNfTWI3ZEk4N1k/view?usp=drive_web> ?We are using R630. Do you think it is better to install from DVD? Few times I waited for a long time. Bar was not moving in the screen. Please refer to the video. On Friday, November 13, 2015, Eero Volotinen <eero.volotinen at iki.fi> wrote: > what is model of your poweredge

My boot folder has only rescue vm. How to get actual vm? Shiva Prasad Nath 92981134 On Sun, Nov 22, 2015 at 12:43 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Using rescue mode or some other rescuecd.. > > Eero > 21.11.2015 6.41 ip. "Siva Prasad Nath" <shivaprasadnath21 at gmail.com> > kirjoitti: > > > Hi, > > From yesterday my

Ok. try following: firewall-cmd --add-port=110/tcp --permanent firewall-cmd --reload Eero 2016-07-14 12:22 GMT+03:00 ???? <tadao at creative-japan.org>: > I cannot add pop3 with following error. > # firewall-cmd --permanent --zone=external --add-service=pop3 > Error: INVALID_SERVICE: pop3 > > And cannot access to 143 too. > telnet 153.153.xxx.xxx 143 > Trying