Hi,
On Wed, Feb 4, 2015 at 4:57 AM, John R Pierce pie...@hogranch.com wrote:
On 2/3/2015 2:32 PM, Tim Dunphy wrote:
-bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php
[sudo] password for nobody:
In sudoers file, you have to provide the whole path of the php command to
execute any
On Tue, 2015-02-03 at 15:02 +1100, Kahlil Hodgson wrote:
Thinking about your systems from a penetration testing perspective can
be helpful. For example, Always Learning has just told us that he
uses single character root passwords on his testing machines, that he
is testing 7 days a week and
On 4 February 2015 at 14:36, Always Learning cen...@u64.u22.net wrote:
Thinking about your systems from a penetration testing perspective can
be helpful. For example, Always Learning has just told us that he
uses single character root passwords on his testing machines, that he
is testing 7
On Mon, February 2, 2015 21:34, PatrickD Garvey wrote:
OK, folks. You're doing a great job of describing the current milieu
with a rough description of some best practices.
Now how about some specific sources you personally used to learn your
craft that we can use likewise?
PatrickD
Go
I think it well to recall that the change which instigated this
tempest was not to the network operations of a RHEL based system but
to the 'INSTALLER' process, Anaconda. Now, I might be off base on
this but really, ask yourself: Who exactly uses an installer program?
And what is the threat
On Fri, Jan 30, 2015 at 08:24:59PM -0700, rgritzo wrote:
Thanks for the info.
I am trying to connect to the Xen hypervisor, via a localhost connection
defined in the virt-manager configuration.
here is the detail provided in the error dialog:
*
Unable to open a
On 02/02/2015 11:00 AM, Karanbir Singh wrote:
On 02/02/2015 04:21 PM, Lokesh Mandvekar wrote:
What's the best place to update the docs/howto for docker and related
packages on centos?
Could I add to http://wiki.centos.org/Cloud/Docker?highlight=(docker) or
is this for the rhel-recompiled
Warren Young wrote:
The new rules are:
1. At least 8 characters.
2. Nothing that violates the pwquality rules:
http://linux.die.net/man/8/pam_pwquality
The 7 rules listed in this URL seem utterly bizarre to me.
The first is Don't use a palindrome
which makes me wonder if the
On Feb 3, 2015, at 8:17 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
Who exactly uses an installer program?
We do.
Kickstart never really met our needs, and all these now-common CM systems came
out way after we had shell-scripted our post-install setup adequately. To go
back and
Hey guys,
I need to give the 'nobody' user (which is what our apache runs as) no
password access to a file, via sudo. This is what I've tried:
nobody ALL=(ALL) NOPASSWD: /var/www/qa/launchpadnew/site/ftp_check.php
But if I become the nobody user and try to access the file, it tries to
On 2015-02-03, Scott Robbins scot...@nyc.rr.com wrote:
On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
The first is Don't use a palindrome
which makes me wonder if the author knows the meaning of this word.
I suspect he/she thinks it means a known word backwards.
That's
Is there a way to use kickstart to boot a machine into a manual setup
process? Basically what I'm getting to is this, the machine doesn't
have a CD drive in it (nor can I add one), but I can boot it via kickstart.
The install media is on the network. What I'd like to do is boot this
machine up
Ashley M. Kirchner writes:
Is there a way to use kickstart to boot a machine into a manual setup
process? Basically what I'm getting to is this, the machine doesn't
have a CD drive in it (nor can I add one), but I can boot it via kickstart.
[...]
When no kickstart file is provided in the
On Tue, 2015-02-03 at 09:24 -0500, Jonathan Billings wrote:
I'm curious, were you upset when Java (and various other software
packages that use SSL) were updated to stop using SSLv3?
No. I do not use Java. Updating to prevent security breaches is *always*
a good idea.
--
Regards,
Paul.
On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
The 7 rules listed in this URL seem utterly bizarre to me.
The first is Don't use a palindrome
which makes me wonder if the author knows the meaning of this word.
I suspect he/she thinks it means a known word backwards.
On Mon, Feb 02, 2015 at 11:31:35PM +, Always Learning wrote:
If testing then a one character password is very acceptable to me. Why
should some arrogant nutter impose an arduous ultra secure password when
a simple one character password will suffice ? Who knows the machine,
the deploying
Palindrome : A word, phrase or sequence that reads the same backward as
forward, e.g. "madam or nurses run"
Valère Binet [C]
On 2/3/15, 9:16 AM, Scott Robbins scot...@nyc.rr.com wrote:
On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
The 7 rules listed in this URL seem
On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Sounds so I almost have to feel shame for securing my boxes no matter what
job vendor did ;-)
Yes, computers and the way people access them are pretty much a
commodity now. If you are spending time building
On 02/03/2015 10:28 AM, Ashley M. Kirchner wrote:
Is there a way to use kickstart to boot a machine into a manual setup
process? Basically what I'm getting to is this, the machine doesn't
have a CD drive in it (nor can I add one), but I can boot it via kickstart.
The install media is on the
With Lars' original comment of not having a ks file specified, I figured it
out from there. And appending vnc to the command line is really all I need
for it to work.
Thanks everyone for the replies. Always very helpful!
On Tue, Feb 3, 2015 at 10:43 AM, Jay Leafey jay.lea...@mindless.com wrote:
On Tue, February 3, 2015 11:37 am, Les Mikesell wrote:
On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins scot...@nyc.rr.com wrote:
I don't think anybody is missing anything. Palindrome in this
context
may not be limited to real words; the author may be suggesting that you
not pick your
On 02/03/2015 11:19 AM, Jay Leafey wrote:
The documentation says that you can just put vnc (or
vncconnect={host}) in the kickstart file in the command section and
proceed from there. Here's a link to an article in Red Hat Magazine
that has a pretty good overview:
On Mon, 2015-02-02 at 20:26 -0800, PatrickD Garvey wrote:
The CentOS wiki pages found by a title page search are:
http://wiki.centos.org/HelpOnConfiguration/SecurityPolicy
http://wiki.centos.org/HowTos/Security
http://wiki.centos.org/Security
http://wiki.centos.org/Security/Heartbleed
On Tue, Feb 3, 2015 at 11:48 AM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
I think the intent is: Don't use a password likely to be included in
the list that an attacker would try. Of course if services would
rate-limit the failures
Which sysadmins do for ages when they configure their
On Tue, February 3, 2015 12:08 pm, Les Mikesell wrote:
On Tue, Feb 3, 2015 at 11:48 AM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
I think the intent is: Don't use a password likely to be included in
the list that an attacker would try. Of course if services would
rate-limit the
On Tue, Feb 3, 2015 at 9:34 AM, Always Learning cen...@u64.u22.net wrote:
On Mon, 2015-02-02 at 20:26 -0800, PatrickD Garvey wrote:
The CentOS wiki pages found by a title page search are:
http://wiki.centos.org/HelpOnConfiguration/SecurityPolicy
http://wiki.centos.org/HowTos/Security
On Tue, Feb 3, 2015 at 1:30 PM, Always Learning cen...@u64.u22.net wrote:
There are probably still people that take their cars apart to check
that they were assembled correctly too.
It's about taking personal responsibility for the security of your
system(s). Trusting someone else's settings
On 2/3/2015 11:57 AM, Always Learning wrote:
'AlwaysLearning', 'alwayslearning' and 'MrLearning' makes me ...
... an anonymous troll.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
___
On Tue, 2015-02-03 at 13:37 -0600, Les Mikesell wrote:
On Tue, Feb 3, 2015 at 1:30 PM, Always Learning cen...@u64.u22.net wrote:
It's about taking personal responsibility for the security of your
system(s). Trusting someone else's settings of what THEY think YOUR
security should be, is
On Tue, February 3, 2015 12:39 pm, Les Mikesell wrote:
On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Sounds so I almost have to feel shame for securing my boxes no matter
what
job vendor did ;-)
Yes, computers and the way people access them are pretty
On Tue, 2015-02-03 at 12:39 -0600, Les Mikesell wrote:
There are probably still people that take their cars apart to check
that they were assembled correctly too.
It's about taking personal responsibility for the security of your
system(s). Trusting someone else's settings of what THEY think
On Tue, Feb 3, 2015 at 11:15 AM, Les Mikesell lesmikes...@gmail.com wrote:
On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev galt...@kicp.uchicago.edu
wrote:
Perhaps the Simplified Linux Server Special Interest Group
http://wiki.centos.org/SpecialInterestGroup/SLS
could benefit from contributions
On Tue, Feb 03, 2015 at 08:03:35PM +, Always Learning wrote:
Nothing wrong with letting an expert preconfigure the system and then,
after installation, the SysAdmin checking to ensure all the settings
satisfy the SysAdmin's requirements.
Wouldn't that be like having the OS installer
On Tue, 2015-02-03 at 13:01 -0600, Valeri Galtsev wrote:
I for one will never trust that ipad and will not originate connection
to secure box from it.
+1.
--
Regards,
Paul.
England, EU. Je suis Charlie.
___
CentOS mailing list
On Tue, February 3, 2015 1:37 pm, PatrickD Garvey wrote:
On Tue, Feb 3, 2015 at 11:15 AM, Les Mikesell lesmikes...@gmail.com
wrote:
On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Perhaps the Simplified Linux Server Special Interest Group
On Tue, 2015-02-03 at 11:21 -0800, PatrickD Garvey wrote:
*** NOTHING about Firewalls (IP Tables) ***
I agree, this is not good.
Come do as I have done.
I followed the instructions at
http://wiki.centos.org/Contribute#head-42b3d8e26400a106851a61aebe5c2cca54dd79e5
3. Contribute
On Tue, Feb 3, 2015 at 11:57 AM, Always Learning cen...@u64.u22.net wrote:
On Tue, 2015-02-03 at 11:21 -0800, PatrickD Garvey wrote:
I would love to review the improvements you may make to any page of the wiki.
Post the URL of your page.
http://wiki.centos.org/PatrickDGarvey
On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Yes, computers and the way people access them are pretty much a
commodity now. If you are spending time building something exotic for
a common purpose, isn't that a waste?
Do I have to take that people who are
On Tue, 2015-02-03 at 13:15 -0600, Les Mikesell wrote:
No, I think there are better things for sysadmins to do than fix
settings that should have had better defaults.
How can any SysAdmin (= System Administrator) administer something he or
she is uncertain about ? The job of any system
On Tue, February 3, 2015 1:15 pm, Les Mikesell wrote:
On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Yes, computers and the way people access them are pretty much a
commodity now. If you are spending time building something exotic for
a common purpose,
try sudo php /var/www/qa/launchpadnew/site/ftp_check.php and sudo
/var/www/qa/launchpadnew/site/ftp_check.php
You're giving the user the ability to run
/var/www/qa/launchpadnew/site/ftp_check.php
but not necessarily php. Your script might not need it, so try it each
way. And, since you're
On 2015-02-03, Markus markus.scharit...@gmail.com wrote:
On 2015-02-03 22:22, Always Learning wrote:
(1) When external access gets a password wrong 'n' occasions, as
determined by the SysAdmin, the external IP address is automatically
permanently blocked unless that IP is included in an IP
On Tue, February 3, 2015 4:32 pm, Tim Dunphy wrote:
Hey guys,
I need to give the 'nobody' user (which is what our apache runs as) no
password access to a file, via sudo. This is what I've tried:
nobody ALL=(ALL) NOPASSWD:
/var/www/qa/launchpadnew/site/ftp_check.php
But if I become
On 2/3/2015 2:32 PM, Tim Dunphy wrote:
-bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php
[sudo] password for nobody:
where did sudo even come into this picture?
does this ftp_check.php script fork a shell with sudo or something?
sounds like a VERY bad way of doing whatever it is
Dear all:
Wikimania 2015 in Mexico City will be the eleventh annual international
conference, providing a unique opportunity to bring together the Wikimedia
community and its projects, share their common goals and develop
better ways of working together internationally
If
On Tue, 2015-02-03 at 11:59 -0800, John R Pierce wrote:
On 2/3/2015 11:57 AM, Always Learning wrote:
'AlwaysLearning', 'alwayslearning' and 'MrLearning' makes me ...
... an anonymous troll.
That type of reaction dissuades people from contributing to the List.
Why don't you personally
On Tue, Feb 03, 2015 at 02:10:31PM -0600, Les Mikesell wrote:
I'd just rather see them applying their expertise to actually making
the code resist brute-force password attacks instead of stopping the
install until I pick a password that I'll have to write down because
they think it will take
On Tue, 2015-02-03 at 15:05 -0500, Jonathan Billings wrote:
On Tue, Feb 03, 2015 at 08:03:35PM +, Always Learning wrote:
Nothing wrong with letting an expert preconfigure the system and then,
after installation, the SysAdmin checking to ensure all the settings
satisfy the SysAdmin's
On Tue, 2015-02-03 at 12:06 -0800, PatrickD Garvey wrote:
On Tue, Feb 3, 2015 at 11:57 AM, Always Learning cen...@u64.u22.net wrote:
On Tue, 2015-02-03 at 11:21 -0800, PatrickD Garvey wrote:
I would love to review the improvements you may make to any page of the
wiki.
Post the
On Tue, 2015-02-03 at 14:48 -0600, Les Mikesell wrote:
On Tue, Feb 3, 2015 at 2:44 PM, Always Learning cen...@u64.u22.net wrote:
There should be a basic defence that when the password is wrong 'n'
occasions the IP address is blocked automatically and permanently unless
it is
On 4 February 2015 at 02:17, James B. Byrne byrn...@harte-lyne.ca wrote:
I think it well to recall that the change which instigated this
tempest was not to the network operations of a RHEL based system but
to the 'INSTALLER' process, Anaconda. Now, I might be off base on
this but really, ask
On 03.02.2015 at 10:14, Joseph L. Brunner wrote:
Lol - spinning disks? Really?
SSD is down to like 50cents a gig. And they have 1TB disks... slow disks = you
get what you deserve... welcome to 2015. Autolacing shoes, self drying jackets,
hoverboards - oh, yeah, and 110k IOPS 1TB SamSung Pro
Scott Robbins wrote:
On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
The 7 rules listed in this URL seem utterly bizarre to me.
The first is Don't use a palindrome
which makes me wonder if the author knows the meaning of this word.
I suspect he/she thinks it means a known
Lol - spinning disks? Really?
SSD is down to like 50cents a gig. And they have 1TB disks... slow disks = you
get what you deserve... welcome to 2015. Autolacing shoes, self drying jackets,
hoverboards - oh, yeah, and 110k IOPS 1TB SamSung Pro 850 SSD Drives for $449
on NewEgg.
dumbass
On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:
Also, it isn't up to the *installer* to set up a system that resists
brute-force password attacks.
Give us the tools to do the job !
My amalgamated idea is:-
(1) When external access gets a password wrong 'n' occasions, as
On 2015-02-03 22:22, Always Learning wrote:
On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:
Also, it isn't up to the *installer* to set up a system that resists
brute-force password attacks.
Give us the tools to do the job !
My amalgamated idea is:-
(1) When external
On 2/3/2015 1:22 PM, Always Learning wrote:
Baffled why it has never been done but then I'm Always Learning.
'fail2ban' with a bit of configuration for your exceptions.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
57 matches