file and no data can be written
to the file. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
Is something similar also available for other filing systems?
Cheers,
Richard
--
__ _
|_) /| Richard Atterer |
On Thu, Aug 12, 2004 at 01:56:53PM +0200, Marcel Weber wrote:
> Richard Atterer wrote:
> >This strikes me as a weird solution. What's wrong with setting the
> >cookie lifetime higher, so that people only need to log in e.g. once a
> >day? Hmm, presumably the web applicat
er via ARP poisoning,
persuading them to try logging on on my machine, or just bribing them. :)
But with my nitpicking-security-paranoia hat on, the solution is not ideal.
> This is important because $s and $c get stored in the cookie.
Why $s? Surely you'll only store $c in the cookie
You could also try installing snoopy, which logs all commands executed by
users to auth.log. Then look for unusual commands executed by user
"www-data" if you suspect insecure PHP scripts etc.
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
|
dress in the From field. If I confirm, the person sending me the
confirmation message will be delivered the spam. If more people did this,
confirmation senders would notice that the system doesn't work.
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http:
stall from scratch.
Maybe also consider using a different ftpd...
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
code from the GNOME guidelines mentioned there, and
just create your fifo instead of doing the open().
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
l in PHP and pass an "-f" switch to the
sendmail invocation. That way, you can specify any sender address you like.
HTH,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
's even support for it
in Apache 2... but do today's browsers support it?
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
rmance are a problem for you. Each of the 100 LANs would just route
all 10.0.0.0/16 addresses to the central node, and only the central node
would be trusted, so you don't have to mess with CAs etc...
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
//www.strongsec.com/freeswan/>, sections
3.1 and 3.2.
HTH,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
big network, if I will
> >choice freeswan (or other) without OE ?
100 VPN connections isn't /that/ much, I think FreeS/WAN or the 2.6.0 IPSec
should be able to handle it. (Maybe ask the developers to ensure it does.)
> >PS: Sorry, for my poor english, I'm not a native speaker.
> me neither :)
Ditto. :-)
ü,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
Also see this page for a useful comparison between AIDE and tripwire:
http://www.fbunet.de/aide.shtml
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
d
that one host in your LAN is configured to the address 1.2.3.4.
Cheers,
Richard
--
__ _
|_) /| Richard Atterer | GnuPG key:
| \/¯| http://atterer.net | 0x888354F7
¯ '` ¯
files.
umask *is* the right solution (together with a sticky-bit dir). Set up a
default umask which allows global read access and *let* users defeat it! If
they know how to change their umask to something more restrictive, they're
bound to know what they're doing!
Cheers,
Ri
On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
> No, with REJECT they would show up as "closed". DROP produces "filtered".
FWIW, you also need "--reject-with tcp-reset" to fool nmap.
Richard
--
__ _
|_) /| Richard Atterer
hat case, squid is indeed
the wrong solution.
Maybe have a look at sslwrap+redir, or stunnel, which can run on any
machine in your DMZ and forward incoming connections to the internal
machine, adding SSL encryption to make it more secure.
Cheers,
Richard
--
__ _
|_) /| Richard Atter