similar to: Security implications of openssl098e on CentOS 7

On 10/21/2015 1:55 PM, Andrew Holway wrote: > Personally I would go round to that particular vendors office with a pipe > wrench and encourage them to do better however, unless this software is > transmitting credit card information then it seems that you could be > safe(ish) from the regulation standpoint. It really depends on the location > of the machine. Is it deep in the bowels

On 10/21/2015 2:34 PM, Eero Volotinen wrote: > Remember that rhel/centos backports fixes, so just looking version > number is not reliable way to detect security issues. > > Eero Indeed, though I can say on CentOS 5 the required configuration to be PCI compliand is not valid in apache, and httpd will not start. -- ----------------------------------------------- - Nick Bright

Greetings, I'm running Dovecot 2.0.9 on my CentOS 6 server, for several thousand mailboxes. Recently, I've had several reports of "my mailbox is suddenly empty, where'd my mail go?" I've enabled debug logging, but I'd like to make sure I have the best level of debug to see things like "delete message" commands? I've configured in logging:

I'm still learning firewalld obviously, and I am having trouble groking the documentation to understand how to do this. I know I could do an iptables direct, but that doesn't seem like the "right" way to do it. What I'm trying to do is allow a specific service, only for a specific ip. Effectively, SNMP should be allowed form a specific IP address (the systems monitor).

On 17 Nov 2015 17:30, "Nick Bright" <nick.bright at valnet.net> wrote: > > On 11/17/2015 11:12 AM, Nick Bright wrote: >> >> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 >> firewall-cmd --zone=monitoring --add-service=snmp >> firewall-cmd --zone=monitoring --add-interface=ens192 >> firewall-cmd --runtime-to-permanent > > I went

Personally I would go round to that particular vendors office with a pipe wrench and encourage them to do better however, unless this software is transmitting credit card information then it seems that you could be safe(ish) from the regulation standpoint. It really depends on the location of the machine. Is it deep in the bowels of your high security nuclear bunker on an air gap network or is is

Remember that rhel/centos backports fixes, so just looking version number is not reliable way to detect security issues. Eero 2015-10-21 21:18 GMT+03:00 Nick Bright <nick.bright at valnet.net>: > Greetings, > > I'm working with a new CentOS 7 installation, moving a system up from > CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance > requirements. >

On 6 November 2015 at 21:49, Pete Travis <lists at petetravis.com> wrote: > On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: >> >> Greetings, >> >> One of my biggest frustrations with CentOS 7 has been firewalld. >> >> Essentially all of the documentation just flat doesn't work. >> >> One common

On 11/16/2015 01:39 PM, Nick Bright wrote: > This is very frustrating, and not obvious. If --permanent doesn't work > for a command, then it should give an error - not silently fail > without doing anything! But --permanent *did* work. What you're seeing is the documented behavior: --permanent The permanent option --permanent can be used to set options

In CentOS 6.7 I ran setup command and I could configure network settings from that "gui" utility at command line. In CentOS 7 I don't know where this goes or how to enabled. I have installed a few packages: yum install setuptool -y \ && yum install system-config-network-tui -y \ && yum install system-config-firewall* -y \ && yum install

I?m adding once a day mail delivery to my site. Messages are marked by the sender as ?overnight? or ?once a week? delivery. The way I?m planning on implementing this is to queue messages until midnight in a MySQL database. Each mailbox will be kept in two Dovecot mailstores. The first mailstore will give the users IMAP access to their mailbox. A second mailstore will hold the next day?s new

On Mon, November 16, 2015 16:39, Nick Bright wrote: > On 11/6/2015 3:58 PM, James Hogarth wrote: >> I have a couple of relevant articles you may be interested in ... >> >> On assigning the zone via NM: >> https://www.hogarthuk.com/?q=node/8 >> >> Look down to the "Specifying a particular firewall zone" bit ... >> remember that if you edit the

Greetings, One of my biggest frustrations with CentOS 7 has been firewalld. Essentially all of the documentation just flat doesn't work. One common thing that needs to be done is to change the zone of an interface, however I've tried: firewall-cmd --permanent --zone=internal --change-interface=ens192 firewall-cmd --permanent --zone=internal --add-interface=ens192 I've also tried

Is there any information available about what packages are being planned for the SCL? For example, will PHP 5.6 be made available & maintained? By "maintained" I mean kept up to date with back ported security patches and such. -- ----------------------------------------------- - Nick Bright - - Vice President of Technology - -

On 11/17/2015 11:12 AM, Nick Bright wrote: > firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 > firewall-cmd --zone=monitoring --add-service=snmp > firewall-cmd --zone=monitoring --add-interface=ens192 > firewall-cmd --runtime-to-permanent I went ahead and tried this and found that the zone and service must first be created, which requires use of: firewall-cmd

On 11/6/2015 3:58 PM, James Hogarth wrote: > I have a couple of relevant articles you may be interested in ... > > On assigning the zone via NM: > https://www.hogarthuk.com/?q=node/8 > > Look down to the "Specifying a particular firewall zone" bit ... > remember that if you edit the files rather than using nmcli you must > reload NM (or do nmcli reload) for that

On 11/17/2015 8:18 AM, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts the > permanent configuration, the one that will be applied at startup. > Another changes the current running environment without altering the > startup config. From a sysadmin point of view this is desirable since > changes to a running system are often performed for

On Wed, 21 Oct 2015 20:58, Nick Bright <nick.bright at ...> wrote: > On 10/21/2015 1:55 PM, Andrew Holway wrote: >> Personally I would go round to that particular vendors office with a pipe >> wrench and encourage them to do better however, unless this software is >> transmitting credit card information then it seems that you could be >> safe(ish) from the

CentOS Errata and Security Advisory 2014:0626 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0626.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 4911acddf50a3f48cc5d2ce6f4011193a06112142a2d93e7e9f36aa7fd44e1bd openssl098e-0.9.8e-18.el6_5.2.i686.rpm x86_64:

CentOS Errata and Security Advisory 2016:0372 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0372.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: e87cdaa0c6d6528e4395026ed75dd8c06d1d9cd20cbfc2b88b0d6046482aaa82 openssl098e-0.9.8e-20.el6.centos.1.i686.rpm x86_64: