On 12/02/15 20:03, Warren Young wrote:
> Hi, just a quick note to whoever is maintaining this page:
>
> http://wiki.centos.org/HowTos/Network/SecuringSSH
>
> The procedure is missing the firewall-cmd calls necessary in EL7:
>
> firewall-cmd --add-port 2345/tcp
> firewall-cmd --add-port 2
> On 12/02/15 20:03, Warren Young wrote:
> > Hi, just a quick note to whoever is maintaining this page:
> >
> > http://wiki.centos.org/HowTos/Network/SecuringSSH
> >
> > The procedure is missing the firewall-cmd calls necessary in EL7:
> >
> > firewall-cmd --add-port 2345/tcp
> > firewall-cmd
Once upon a time, James Hogarth said:
> If you really want to SSH to a port other than 22 for a little obscurity
> use an iptables dnat to map the high port to local host 22 and block 22
> from external connections.
Yeah, the old "move stuff to alternate ports" thing is largely a waste
of time an
On 02/13/2015 09:15 AM, Chris Adams wrote:
> Yeah, the old "move stuff to alternate ports" thing is largely a waste
> of time and just makes it more difficult for legitimate use. With
> large bot networks and tools like zmap, finding services on alternate
> ports is not that hard for the "bad guys".
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
> On 02/13/2015 09:15 AM, Chris Adams wrote:
> > Yeah, the old "move stuff to alternate ports" thing is largely a waste
> > of time and just makes it more difficult for legitimate use. With
> > large bot networks and tools like zmap, finding
On 02/13/2015 05:41 AM, James Hogarth wrote:
> This is horrible advice anyway. It's not a good idea to run SSH on a port
> greater than 1024 since if a crash exploit is used to kill the process a
> non-root trojan process faking SSH to gather credentials could then bind on
> that port trivially totally c
Hi All,
I'm just wanting to check that my understanding of the settings is
correct as my web searches are finding a lot of dated information.
If I want a Centos 6 sendmail system act as the secondary MX for domain
b.co.uk do I just add a
Connect:b.co.uk RELAY
statemen
On Fri, February 13, 2015 9:05 am, Always Learning wrote:
>
> On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
>
>> On 02/13/2015 09:15 AM, Chris Adams wrote:
>> > Yeah, the old "move stuff to alternate ports" thing is largely a waste
>> > of time and just makes it more difficult for legitimat
Always Learning wrote:
>
> On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
>
>> On 02/13/2015 09:15 AM, Chris Adams wrote:
>> > Yeah, the old "move stuff to alternate ports" thing is largely a waste
>> > of time and just makes it more difficult for legitimate use. With
>> > large bot networks
On Fri, Feb 13, 2015 at 9:57 AM, Ken Smith wrote:
> Hi All,
>
> I'm just wanting to check that my understanding of the settings is correct
> as my web searches are finding a lot of dated information.
>
> If I want a Centos 6 sendmail system act as the secondary MX for domain
> b.co.uk do I jus
On Fri, February 13, 2015 11:04 am, Les Mikesell wrote:
> On Fri, Feb 13, 2015 at 9:57 AM, Ken Smith wrote:
>> Hi All,
>>
>> I'm just wanting to check that my understanding of the settings is
>> correct
>> as my web searches are finding a lot of dated information.
>>
>> If I want a Centos 6 sendm
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
wrote:
>
>> Otherwise it accept junk that your primary rejects
>
> Not exactly. If greylisting on primary is set, but on backup MX is not,
> still what is killed by greylisting by primary MX, almost never will come
> through backup MX. This is due
On 02/12/2015 08:14 PM, dE wrote:
> Looking at the default policies of various zones, I've come to realize
> that only the drop zone has an effect, that's because this is the only
> one which drops unmatched packets.
I'm not sure what you mean, but most firewall sets for iptables follow
the same pa
On 12/02/15 18:08, Les Mikesell wrote:
> On Thu, Feb 12, 2015 at 10:51 AM, Brian Mathis
> wrote:
>> CentOS is unquestionably one of the most used Linux distros
>> in the world, and yet the mailing list is relatively quiet. To me this is
>> a symptom of a problem, and I feel that it's partially a
On 12/02/15 16:51, Brian Mathis wrote:
> Thanks for putting in the effort here. It's never a good situation to have
> to moderate, but sometimes it is necessary.
>
> From my perspective, this kind of thing happens far more often than the
> current example, though maybe not with such intensity.
On Fri, February 13, 2015 12:07 pm, Karanbir Singh wrote:
> On 12/02/15 16:51, Brian Mathis wrote:
>
>> Thanks for putting in the effort here. It's never a good situation to
>> have
>> to moderate, but sometimes it is necessary.
>>
>> From my perspective, this kind of thing happens far more often
Les Mikesell wrote:
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
wrote:
Otherwise it accept junk that your primary rejects
Not exactly. If greylisting on primary is set, but on backup MX is not,
still what is killed by greylisting by primary MX, almost never will come
through backup MX.
On Fri, Feb 13, 2015 at 12:09 PM, Karanbir Singh wrote:
> >>
>> I think it is generally a good thing when the bulk of the conversation
>> here is ranting about mostly irrelevant opinions. That is, instead
>
> yes, lots of irrelevant conversation on the list - and it comes from a
> handful of use
On Fri, February 13, 2015 11:52 am, Les Mikesell wrote:
> On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
> wrote:
>>
>>> Otherwise it accept junk that your primary rejects
>>
>> Not exactly. If greylisting on primary is set, but on backup MX is not,
>> still what is killed by greylisting by p
On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev
wrote:
>
> I stated pure observation on at least two pairs of primary - backup MX I
> maintain. Still I made backup MXes with greylisting as well (they are
> separately hit by same bad spammers scripts, at a rate about 10 times
> smaller than primar
On Fri, February 13, 2015 12:18 pm, Ken Smith wrote:
> Les Mikesell wrote:
>> On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
>> wrote:
>>>> Otherwise it accept junk that your primary rejects
>>> Not exactly. If greylisting on primary is set, but on backup MX is not,
>>> still what is killed
On Fri, Feb 13, 2015 at 12:45 PM, Valeri Galtsev
wrote:
>
>>>
>> In this case the secondary MX has the same RBL's etc etc as the primary.
>> I do see the spammers sending their junk to the secondary more than the
>> primary MX. Agree the secondary does not know the difference between
>> valid and
On Fri, February 13, 2015 12:41 pm, Les Mikesell wrote:
> On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev
> wrote:
>>
>> I stated pure observation on at least two pairs of primary - backup MX I
>> maintain. Still I made backup MXes with greylisting as well (they are
>> separately hit by same bad
On Fri, February 13, 2015 12:52 pm, Les Mikesell wrote:
> On Fri, Feb 13, 2015 at 12:45 PM, Valeri Galtsev
> wrote:
>>
>>> In this case the secondary MX has the same RBL's etc etc as the
>>> primary.
>>> I do see the spammers sending their junk to the secondary more than the
>>> primary MX.
On 13/02/15 18:45, Valeri Galtsev wrote:
> So, what is the secondary MX server that you are describing that "accepts
> everything" is based on?
if you actually read the thread you are replying to blindly, you might
find out ?
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.
Once upon a time, Ken Smith said:
> In this case the secondary MX has the same RBL's etc etc as the
> primary. I do see the spammers sending their junk to the secondary
> more than the primary MX. Agree the secondary does not know the
> difference between valid and invalid addresses.
That's a big
On Fri, Feb 13, 2015 at 1:11 PM, Valeri Galtsev
wrote:
>
> So even though sendmail I heard is not a security disaster for long
> time already I'm quite happy with postfix.
Sendmail was pretty much all fixed by the time postfix was released,
and made even better with the addition of the milter int
Hi, folks,
(The system I'm doing this on is actually RHEL 6.6, but that list is so
quiet)
We've got a new RAID box attached to the server. Large. We'd like to
implement xfs quotas... but one thing I can't find is information on
this: we want to export the real directory to /project, and
- Original Message -
| Hi, folks,
|
|(The system I'm doing this on is actually RHEL 6.6, but that list is so
| quiet)
|
|We've got a new RAID box attached to the server. Large. We'd like to
| implement xfs quotas... but one thing I can't find is information on
| this: we want
Dear all
when I am login in terminal I am getting following message.
declare -x ALL_PROXY="socks://hproxy.iitm.ac.in:3128/"
declare -x AMBERHOME="/sware/amber/amber12"
declare -x COLORTERM="gnome-terminal"
declare -x CPPFLAGS="-I/usr/local/bin/include"
declare -x
DBUS_SESSION_BUS_ADDRESS="unix:ab
Karanbir Singh wrote:
On 13/02/15 18:45, Valeri Galtsev wrote:
So, what is the secondary MX server that you are describing that "accepts
everything" is based on?
if you actually read the thread you are replying to blindly, you might
find out ?
:-)
--
This message has been scanned for viru
On Sat, 14 Feb 2015 01:52:00 +0530
MOHD HOMAIDUR RAHMAN wrote:
> when I am login in terminal I am getting following message.
Something is running the export command when you login. Type the word export
at a bash prompt and I'd bet you'll see the same output again.
You probably have something s
Ken Smith wrote:
Hi All,
I'm just wanting to check that my understanding of the settings is
correct as my web searches are finding a lot of dated information.
If I want a Centos 6 sendmail system act as the secondary MX for
domain b.co.uk do I just add a
Connect:b.co.uk
> On Feb 13, 2015, at 9:03 AM, Valeri Galtsev wrote:
>
> ...changing port numbers...does not really add security. Security through
> obscurity is only considered to be efficient by Windows folks.
“Security through obscurity” is an overused mantra of derision.
Originally, it was a cry against sy
On Fri, 2015-02-13 at 10:03 -0600, Valeri Galtsev wrote:
> On Fri, February 13, 2015 9:05 am, Always Learning wrote:
> > I always change the SSH port to something conspicuously different. Every
> > server has a different and difficult to guess SSH port number with
> > access restricted to a few
On Fri, 2015-02-13 at 11:21 -0500, m.r...@5-cent.us wrote:
> I disagree - I am in the "waste of time" camp. The reality is that only
> script kiddies start out by trying 22 (and I *do* mean script kiddies -
> I've seen attempts to ssh in that were obviously from warez, man, where
> they were too
On Fri, 2015-02-13 at 11:04 -0600, Les Mikesell wrote:
> I'd recommend not having a secondary MX at all unless it is equipped
> to reject invalid users and spam in all the same ways as your primary.
> Otherwise it accept junk that your primary rejects and then you are
> obligated to send a boun
On Fri, 2015-02-13 at 11:39 -0600, Valeri Galtsev wrote:
> I've seen at least at some point that google mail accepts everything.
That is because Google is primarily a USA government sponsored
intelligence gathering operation. It wants as much information as
possible. Google's commercial activiti
On Fri, 2015-02-13 at 18:09 +, Karanbir Singh wrote:
> yes, lots of irrelevant conversation on the list - and it comes from a
> handful of users. It's irrelevant, take it to an irrelevant venue.
centos.m...@centos.org
centos...@centos.org ?
c...@centos.org
--
Regard
On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen wrote:
> On 02/13/2015 05:41 AM, James Hogarth wrote:
>
> This is also why the Orange Book and its Rainbow kin exist (Orange Book =
> 5200.28-STD, aka DoD Trusted Computer System Evaluation Criteria).
>
Should anyone care to learn from the Rainbow Books
On Fri, 2015-02-13 at 18:27 -0800, PatrickD Garvey wrote:
> On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen wrote:
> > On 02/13/2015 05:41 AM, James Hogarth wrote:
> >
> > This is also why the Orange Book and its Rainbow kin exist (Orange Book =
> > 5200.28-STD, aka DoD Trusted Computer System Evaluat
Being new to some aspects of BASH, I tried to reduce the quantity of
scripts by introducing a comparison test into an existing working
script.
The script refused to work until I placed [ ] around the actual test.
The second test, in the same script, misfunctioned until I removed the
[ ] around the
On Fri, Feb 13, 2015 at 11:26 PM, Always Learning wrote:
> Being new to some aspects of BASH, I tried to reduce the quantity of
> scripts by introducing a comparison test into an existing working
> script.
>
> The script refused to work until I placed [ ] around the actual test.
> The second test,
On Sat, 2015-02-14 at 05:26 +, Always Learning wrote:
> NON-WORKING second comparison
>
> 15 if [ $file='law00.css' ]
> 16 then
> 17     file=$dir/$file
> 18     echo "css"
> 19 else
> 20     file=$dir/$file\.php
> 21     echo "no css"
> 22 fi
> 23 #-
On Fri, 2015-02-13 at 23:46 -0600, Les Mikesell wrote:
> I think you are missing some very basic concepts here. First, the
> shell likes to parse things separated by white space. Second, [ is a
> synonym for test which is a build-in version of /bin/test, so try 'man
> test' for the syntax of te