Lol - spinning disks? Really?
SSD is down to like 50cents a gig. And they have 1TB disks... slow disks = you
get what you deserve... welcome to 2015. Autolacing shoes, self drying jackets,
hoverboards - oh, yeah, and 110k IOPS 1TB SamSung Pro 850 SSD Drives for $449
on NewEgg.
dumbass
-Or
Am 03.02.2015 um 10:14 schrieb Joseph L. Brunner:
Lol - spinning disks? Really?
SSD is down to like 50cents a gig. And they have 1TB disks... slow disks = you
get what you deserve... welcome to 2015. Autolacing shoes, self drying jackets,
hoverboards - oh, yeah, and 110k IOPS 1TB SamSung Pro 8
Hey Max,
You are using squid 3.1.x which is not supported anymore by the squid
development team.
It is possible that there is a bug in this version of squid and that it
was not reported until now.
Squid should not run a PTR record lookup unless there is an acl which
requires\wants\needs it.
Warren Young wrote:
> The new rules are:
>
> 1. At least 8 characters.
>
> 2. Nothing that violates the pwquality rules:
>
> http://linux.die.net/man/8/pam_pwquality
The 7 rules listed in this URL seem utterly bizarre to me.
The first is "Don't use a palindrome"
which makes me wonder if t
On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
>
> The 7 rules listed in this URL seem utterly bizarre to me.
>
> The first is "Don't use a palindrome"
> which makes me wonder if the author knows the meaning of this word.
> I suspect he/she thinks it means "a known word backwards
Valeri Galtsev wrote:
>> What secret motive *could* there be?? The current security policy is
>> weak, and this change fixes that. End of story.
>
> It's hard to not endorse everything you are saying. As far as motive is
> concerned, it is not that secret. Security. RedHat doesn't like poorly
>
Palindrome : A word, phrase or sequence that reads the same backward as
forward, e.g. ³madam" or "nurses run²
Valère Binet [C]
On 2/3/15, 9:16 AM, "Scott Robbins" wrote:
>On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
>>
>> The 7 rules listed in this URL seem utterly bizarre
On Mon, Feb 02, 2015 at 11:31:35PM +, Always Learning wrote:
> If testing then a one character password is very acceptable to me. Why
> should some arrogant nutter impose an arduous ultra secure password when
> a simple one character password will suffice ? Who knows the machine,
> the deployi
I think it well to recall that the change which instigated this
tempest was not to the network operations of a RHEL based system but
to the 'INSTALLER' process, Anaconda. Now, I might be off base on
this but really, ask yourself: Who exactly uses an installer program?
And what is the threat model
On Mon, February 2, 2015 21:34, PatrickD Garvey wrote:
> OK, folks. You're doing a great job of describing the current milieu
> with a rough description of some best practices.
>
> Now how about some specific sources you personally used to learn your
> craft that we can use likewise?
>
> PatrickD
On Tue, 2015-02-03 at 09:24 -0500, Jonathan Billings wrote:
> I'm curious, were you upset when Java (and various other software
> packages that use SSL) were updated to stop using SSLv3?
No. I do not use Java. Updating to prevent security breeches is *always*
a good idea.
--
Regards,
Paul.
En
On 2015-02-03, Scott Robbins wrote:
> On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
>>
>> The first is "Don't use a palindrome"
>> which makes me wonder if the author knows the meaning of this word.
>> I suspect he/she thinks it means "a known word backwards".
>
> That's what I
Is there a way to use kickstart to boot a machine into a manual setup
process? Basically what I'm getting to is this, the machine doesn't not
have a CD drive in it (nor can I add one), but I can boot it via kickstart.
The install media is on the network. What I'd like to do is boot this
machine up
Ashley M. Kirchner writes:
> Is there a way to use kickstart to boot a machine into a manual setup
> process? Basically what I'm getting to is this, the machine doesn't not
> have a CD drive in it (nor can I add one), but I can boot it via kickstart.
[...]
When no kickstart file is provided in th
On Tue, February 3, 2015 9:17 am, James B. Byrne wrote:
> I think it well to recall that the change which instigated this
> tempest was not to the network operations of a RHEL based system but
> to the 'INSTALLER' process, Anaconda. Now, I might be off base on
> this but really, ask yourself: Who
On 02/03/2015 10:28 AM, Ashley M. Kirchner wrote:
Is there a way to use kickstart to boot a machine into a manual setup
process? Basically what I'm getting to is this, the machine doesn't not
have a CD drive in it (nor can I add one), but I can boot it via kickstart.
The install media is on the n
On Tue, Feb 03, 2015 at 07:52:53AM -0800, Keith Keller wrote:
> On 2015-02-03, Scott Robbins wrote:
> > On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
> >>
> >> The first is "Don't use a palindrome"
> >> which makes me wonder if the author knows the meaning of this word.
> >> I s
On Mon, 2015-02-02 at 20:26 -0800, PatrickD Garvey wrote:
>
> The CentOS wiki pages found by a title page search are:
> http://wiki.centos.org/HelpOnConfiguration/SecurityPolicy
> http://wiki.centos.org/HowTos/Security
> http://wiki.centos.org/Security
> http://wiki.centos.org/Security/Heartbleed
On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins wrote:
>>
>> I don't think anybody is missing anything. "Palindrome" in this context
>> may not be limited to real words; the author may be suggesting that you
>> not pick your password by picking a real word and tacking on its
>> reverse to make a p
On 02/03/2015 11:19 AM, Jay Leafey wrote:
The documentation says that you can just put "vnc" (or
"vncconnect={host}") in the kickstart file in the command section and
proceed from there. Here's a link to an article in Red Hat Magazine
that has a pretty good overview:
http://www.redhat.com/maga
With Lars' original comment of not having a ks file specified, I figured it
out from there. And appending vnc to the command line is really all I need
for it to work.
Thanks everyone for the replies. Always very helpful!
On Tue, Feb 3, 2015 at 10:43 AM, Jay Leafey wrote:
> On 02/03/2015 11:19 A
On Tue, February 3, 2015 11:37 am, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins wrote:
>>>
>>> I don't think anybody is missing anything. "Palindrome" in this
>>> context
>>> may not be limited to real words; the author may be suggesting that you
>>> not pick your passwor
On Tue, 2015-02-03 at 17:34 +, Always Learning wrote:
> Inventions should have have occurred if everyone always had exactly
> the same attitude and beliefs as everyone else. Thinking differently
> is often beneficial.
Whoops !
Inventions *WOULD NEVER* have occurred if *PEOPLE* always had ex
On Tue, Feb 3, 2015 at 11:48 AM, Valeri Galtsev
wrote:
>
>> I think the intent is: "Don't use a password likely to be included in
>> the list that an attacker would try". Of course if services would
>> rate-limit the failures
>
> Which sysadmins do for ages when they configure their machines. And
On Tue, February 3, 2015 12:08 pm, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 11:48 AM, Valeri Galtsev
> wrote:
>>
>>> I think the intent is: "Don't use a password likely to be included in
>>> the list that an attacker would try". Of course if services would
>>> rate-limit the failures
>>
>> Wh
On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev
wrote:
>
> Sounds so I almost have to feel shame for securing my boxes no matter what
> job vendor did ;-)
Yes, computers and the way people access them are pretty much a
commodity now. If you are spending time building something exotic for
a commo
On Tue, February 3, 2015 12:39 pm, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 12:24 PM, Valeri Galtsev
> wrote:
>>
>> Sounds so I almost have to feel shame for securing my boxes no matter
>> what
>> job vendor did ;-)
>
> Yes, computers and the way people access them are pretty much a
> commodi
On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
wrote:
>
>>
>> Yes, computers and the way people access them are pretty much a
>> commodity now. If you are spending time building something exotic for
>> a common purpose, isn't that a waste?
>
> Do I have to take that people who are not sysadmins t
On Tue, Feb 3, 2015 at 9:34 AM, Always Learning wrote:
>
> On Mon, 2015-02-02 at 20:26 -0800, PatrickD Garvey wrote:
>>
>> The CentOS wiki pages found by a title page search are:
>> http://wiki.centos.org/HelpOnConfiguration/SecurityPolicy
>> http://wiki.centos.org/HowTos/Security
>> http://wiki.c
On Tue, 2015-02-03 at 12:39 -0600, Les Mikesell wrote:
> There are probably still people that take their cars apart to check
> that they were assembled correctly too.
Its about taking personal responsibility for the security of your
system(s). Trusting someone else's settings of what THEY think
On Tue, 2015-02-03 at 13:01 -0600, Valeri Galtsev wrote:
> I for one will never trust that ipad and will not originate connection
> to secure box from it.
+1.
--
Regards,
Paul.
England, EU. Je suis Charlie.
___
CentOS mailing list
CentOS@cento
On Tue, 2015-02-03 at 13:15 -0600, Les Mikesell wrote:
> No, I think there are better things for sysadmins to do than fix
> settings that should have had better defaults.
How can any SysAdmin (= System Administrator) administer something he or
she is uncertain about ? The job of any system admi
On Tue, Feb 3, 2015 at 11:15 AM, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
> wrote:
>>
Perhaps the Simplified Linux Server Special Interest Group
http://wiki.centos.org/SpecialInterestGroup/SLS
could benefit from contributions from each of you?
On Tue, Feb 3, 2015 at 1:30 PM, Always Learning wrote:
>
>> There are probably still people that take their cars apart to check
>> that they were assembled correctly too.
>
> Its about taking personal responsibility for the security of your
> system(s). Trusting someone else's settings of what TH
On Tue, February 3, 2015 1:15 pm, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
> wrote:
>>
>>>
>>> Yes, computers and the way people access them are pretty much a
>>> commodity now. If you are spending time building something exotic for
>>> a common purpose, isn't that a
On Tue, February 3, 2015 1:37 pm, PatrickD Garvey wrote:
> On Tue, Feb 3, 2015 at 11:15 AM, Les Mikesell
> wrote:
>> On Tue, Feb 3, 2015 at 1:01 PM, Valeri Galtsev
>> wrote:
>>>
> Perhaps the Simplified Linux Server Special Interest Group
> http://wiki.centos.org/SpecialInterestGroup/SLS
> could
On Tue, 2015-02-03 at 11:21 -0800, PatrickD Garvey wrote:
> > *** NOTHING about Firewalls (IP Tables) ***
> I agree, this is not good.
> Come do as I have done.
> I followed the instructions at
> http://wiki.centos.org/Contribute#head-42b3d8e26400a106851a61aebe5c2cca54dd79e5
3. Contr
On 2/3/2015 11:57 AM, Always Learning wrote:
'AlwaysLearning', 'alwayslearning' and 'MrLearning' makes me ...
... an anonymous troll.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
___
Cen
On Tue, 2015-02-03 at 13:37 -0600, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 1:30 PM, Always Learning wrote:
> >
> > Its about taking personal responsibility for the security of your
> > system(s). Trusting someone else's settings of what THEY think YOUR
> > security should be, is very unwis
On Tue, Feb 03, 2015 at 08:03:35PM +, Always Learning wrote:
> Nothing wrong with letting "an expert" preconfigure the system and then,
> after installation, the SysAdmin checking to ensure all the settings
> satisfy the SysAdmin's requirements.
Wouldn't that be like having the OS installer re
On Tue, Feb 3, 2015 at 11:57 AM, Always Learning wrote:
>
> On Tue, 2015-02-03 at 11:21 -0800, PatrickD Garvey wrote:
>
>> I would love to review the improvements you may make to any page of the wiki.
>
> Post the URL of your page.
>
http://wiki.centos.org/PatrickDGarvey
_
On Tue, Feb 3, 2015 at 2:03 PM, Always Learning wrote:
>
> Nothing wrong with letting "an expert" preconfigure the system and then,
> after installation, the SysAdmin checking to ensure all the settings
> satisfy the SysAdmin's requirements.
>
I'd just rather see them applying their expertise to
On Tue, 2015-02-03 at 11:59 -0800, John R Pierce wrote:
> On 2/3/2015 11:57 AM, Always Learning wrote:
> > 'AlwaysLearning', 'alwayslearning' and 'MrLearning' makes me ...
>
> ... an anonymous troll.
That type of reaction dissuades people from contributing to the List.
Why don't you personally
On Tue, 2015-02-03 at 15:05 -0500, Jonathan Billings wrote:
> On Tue, Feb 03, 2015 at 08:03:35PM +, Always Learning wrote:
> > Nothing wrong with letting "an expert" preconfigure the system and then,
> > after installation, the SysAdmin checking to ensure all the settings
> > satisfy the SysA
On Tue, 2015-02-03 at 12:06 -0800, PatrickD Garvey wrote:
> On Tue, Feb 3, 2015 at 11:57 AM, Always Learning wrote:
> >
> > On Tue, 2015-02-03 at 11:21 -0800, PatrickD Garvey wrote:
> >
> >> I would love to review the improvements you may make to any page of the
> >> wiki.
> >
> > Post the URL
On Tue, Feb 03, 2015 at 02:10:31PM -0600, Les Mikesell wrote:
> I'd just rather see them applying their expertise to actually making
> the code resist brute-force password attacks instead of stopping the
> install until I pick a password that I'll have to write down because
> they think it will tak
On Tue, 2015-02-03 at 14:10 -0600, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 2:03 PM, Always Learning wrote:
> >
> > Nothing wrong with letting "an expert" preconfigure the system and then,
> > after installation, the SysAdmin checking to ensure all the settings
> > satisfy the SysAdmin's req
On Tue, Feb 3, 2015 at 2:44 PM, Always Learning wrote:
>
> There should be a basic defence that when the password is wrong 'n'
> occasions the IP address is blocked automatically and permanently unless
> it is specifically allowed in IP Tables.
The people who are good at this will make the attemp
On Tue, Feb 03, 2015 at 02:10:31PM -0600, Les Mikesell wrote:
> I'd just rather see them applying their expertise to actually making
> the code resist brute-force password attacks instead of stopping the
> install until I pick a password that I'll have to write down because
> they think it will tak
On Tue, 2015-02-03 at 14:48 -0600, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 2:44 PM, Always Learning wrote:
> >
> > There should be a basic defence that when the password is wrong 'n'
> > occasions the IP address is blocked automatically and permanently unless
> > it is specifically allowed
On 4 February 2015 at 02:17, James B. Byrne wrote:
> I think it well to recall that the change which instigated this
> tempest was not to the network operations of a RHEL based system but
> to the 'INSTALLER' process, Anaconda. Now, I might be off base on
> this but really, ask yourself: Who exac
On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:
> Also, it isn't up to the *installer* to set up a system that resists
> brute-force password attacks.
Give us the tools to do the job !
My amalgamated idea is:-
(1) When external access gets a password wrong 'n' occasions, as
determ
On 2/3/2015 1:22 PM, Always Learning wrote:
Baffled why it has never been done but then I'm Always Learning.
'fail2ban' with a bit of configuration for your exceptions.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
_
On 2015-02-03 22:22, Always Learning wrote:
>
> On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:
>
>> Also, it isn't up to the *installer* to set up a system that resists
>> brute-force password attacks.
>
> Give us the tools to do the job !
>
> My amalgamated idea is:-
>
> (1) Whe
On Feb 3, 2015, at 8:17 AM, James B. Byrne wrote:
>
> Who exactly uses an installer program?
We do.
Kickstart never really met our needs, and all these now-common CM systems came
out way after we had shell-scripted our post-install setup adequately. To go
back and rebuild everything in Pupp
Hey guys,
I need to give the 'nobody' user (which is what our apache runs as) no
password access to a file, via sudo. This is what I've tried:
nobody ALL=(ALL) NOPASSWD: /var/www/qa/launchpadnew/site/ftp_check.php
But if I become the nobody user and try to access the file, it tries to
pro
try "sudo php /var/www/qa/launchpadnew/site/ftp_check.php" and "sudo
/var/www/qa/launchpadnew/site/ftp_check.php"
You're giving the user the ability to run
/var/www/qa/launchpadnew/site/ftp_check.php
but not necessarily php. Your script might not need it, so try it each
way. And, since you're u
On 2015-02-03, Markus wrote:
> On 2015-02-03 22:22, Always Learning wrote:
>>
>> (1) When external access gets a password wrong 'n' occasions, as
>> determined by the SysAdmin, the external IP address is automatically
>> permanently blocked unless that IP is included in a IP Tables 'allow'
>> ta
On Tue, February 3, 2015 4:32 pm, Tim Dunphy wrote:
> Hey guys,
>
> I need to give the 'nobody' user (which is what our apache runs as) no
> password access to a file, via sudo. This is what I've tried:
>
> nobody ALL=(ALL) NOPASSWD:
> /var/www/qa/launchpadnew/site/ftp_check.php
>
> But if
On 2/3/2015 2:32 PM, Tim Dunphy wrote:
-bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php
[sudo] password for nobody:
where did sudo even come into this picture?
does this ftp_check.php script fork a shell with sudo or something?
sounds like a VERY bad way of doing whatever it is you'
Scott Robbins wrote:
> On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
>>
>> The 7 rules listed in this URL seem utterly bizarre to me.
>>
>> The first is "Don't use a palindrome"
>> which makes me wonder if the author knows the meaning of this word.
>> I suspect he/she thinks it
On Wed, Feb 04, 2015 at 12:34:20AM +, Timothy Murphy wrote:
> Scott Robbins wrote:
>
> > On Tue, Feb 03, 2015 at 01:53:45PM +, Timothy Murphy wrote:
> >>
> >> The 7 rules listed in this URL seem utterly bizarre to me.
> >>
> >> The first is "Don't use a palindrome"
> >> which makes me wo
On Tue, 2015-02-03 at 15:02 +1100, Kahlil Hodgson wrote:
> Thinking about you systems from a penetration testing perspective can
> be helpful. For example, "Always Learning" has just told us that he
> uses single character root passwords on his testing machines, that he
> is testing 7 days a wee
On 4 February 2015 at 14:36, Always Learning wrote:
>> Thinking about you systems from a penetration testing perspective can
>> be helpful. For example, "Always Learning" has just told us that he
>> uses single character root passwords on his testing machines, that he
>> is testing 7 days a week
Hi,
On Wed, Feb 4, 2015 at 4:57 AM, John R Pierce wrote:
> On 2/3/2015 2:32 PM, Tim Dunphy wrote:
>
>> -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php
>> [sudo] password for nobody:
>>
>
In sudoers file, you have to provide the whole path of the "php" command to
execute any php file.
65 matches
Mail list logo
