Re: [CentOS] Using keepass on Centos 6
On Wed, September 21, 2016 5:25 pm, Gordon Messmer wrote: > On 09/21/2016 02:48 PM, Valeri Galtsev wrote: >> I use KeepassX. That one has versions for pretty much all open source >> systems (Linux, *BSD) and for variety of others widely used systems: >> MacOS, Android, iOS, MS Windows (just listed the ones I know of). > > So we're back to this... KeepassX is compatible with the Keepass 2 > database format, but is not Keepass. KeepassX has OS X and Windows > ports, but the mobile clients you're referring to are also ports of > Keepass (not KeepassX) or are Keepass-compatible applications. > > KeepassX doesn't support plugins at all, so none of these are available: > http://keepass.info/plugins.html Aha, great, thanks for setting us straight! > >> Thanks >> to that I can open the same encrypted password store on pretty much all >> devices and systems I use. However, no, I don't consider it reasonable >> for >> myself to use it from inside web browser > > Do you use KeepassX's auto-type? That's (approximately) what KeeFox > does, except that the plugin interface is more secure. Note that > KeepassX doesn't offer that feature on OS X and Windows. Since web > passwords are probably the most common use of a password manager, > auto-fill of web login forms should be considered an essential function > for such a program. Between the two, Keepass is a much better option. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On 09/21/2016 02:48 PM, Valeri Galtsev wrote: I use KeepassX. That one has versions for pretty much all open source systems (Linux, *BSD) and for variety of others widely used systems: MacOS, Android, iOS, MS Windows (just listed the ones I know of). So we're back to this... KeepassX is compatible with the Keepass 2 database format, but is not Keepass. KeepassX has OS X and Windows ports, but the mobile clients you're referring to are also ports of Keepass (not KeepassX) or are Keepass-compatible applications. KeepassX doesn't support plugins at all, so none of these are available: http://keepass.info/plugins.html Thanks to that I can open the same encrypted password store on pretty much all devices and systems I use. However, no, I don't consider it reasonable for myself to use it from inside web browser Do you use KeepassX's auto-type? That's (approximately) what KeeFox does, except that the plugin interface is more secure. Note that KeepassX doesn't offer that feature on OS X and Windows. Since web passwords are probably the most common use of a password manager, auto-fill of web login forms should be considered an essential function for such a program. Between the two, Keepass is a much better option. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On Wed, September 21, 2016 5:15 pm, Keith Keller wrote: > On 2016-09-21, Valeri Galtsev wrote: >> >> On Wed, September 21, 2016 4:30 pm, Keith Keller wrote: >>> On 2016-09-21, Gordon Messmer wrote: On 09/21/2016 11:30 AM, H wrote: https://www.passwordstore.org/ >>> >>> This looks very cool, but is there a version for Android? One of the >>> reasons I picked KeePass is that I could use a copy of the same >>> password >>> file with clients on linux, OS X, or Android. (And if I had an iOS >>> device KeePass works there too.) >> >> I use KeepassX. That one has versions for pretty much all open source >> systems (Linux, *BSD) and for variety of others widely used systems: >> MacOS, Android, iOS, MS Windows (just listed the ones I know of). Thanks >> to that I can open the same encrypted password store on pretty much all >> devices and systems I use. > > I was pretty dumb in asking this question: right at the top of the web > page, it says that third parties have made Android and iOS apps. Sorry > about that! > >> However, no, I don't consider it reasonable for >> myself to use it from inside web browser, hence I would recommend >> reconsider this part in favor of universal tool. > > While pass does have a Firefox plugin, I don't think I'd use it, but I > can imagine someone else might. It sounds like this is different from > keeping your key store in The Cloud (TM), And no, I would not keep _my_ password store on any "Cloud" except maybe on my own server running open source owncloud instance. If security is concerned, paranoia is your friend ;-) Valeri > but I didn't read the plugin > page carefully. > > --keith > > -- > kkel...@wombat.san-francisco.ca.us > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On 2016-09-21, Valeri Galtsev wrote: > > On Wed, September 21, 2016 4:30 pm, Keith Keller wrote: >> On 2016-09-21, Gordon Messmer wrote: >>> On 09/21/2016 11:30 AM, H wrote: >>> >>> https://www.passwordstore.org/ >> >> This looks very cool, but is there a version for Android? One of the >> reasons I picked KeePass is that I could use a copy of the same password >> file with clients on linux, OS X, or Android. (And if I had an iOS >> device KeePass works there too.) > > I use KeepassX. That one has versions for pretty much all open source > systems (Linux, *BSD) and for variety of others widely used systems: > MacOS, Android, iOS, MS Windows (just listed the ones I know of). Thanks > to that I can open the same encrypted password store on pretty much all > devices and systems I use. I was pretty dumb in asking this question: right at the top of the web page, it says that third parties have made Android and iOS apps. Sorry about that! > However, no, I don't consider it reasonable for > myself to use it from inside web browser, hence I would recommend > reconsider this part in favor of universal tool. While pass does have a Firefox plugin, I don't think I'd use it, but I can imagine someone else might. It sounds like this is different from keeping your key store in The Cloud (TM), but I didn't read the plugin page carefully. --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On Wed, September 21, 2016 4:30 pm, Keith Keller wrote: > On 2016-09-21, Gordon Messmer wrote: >> On 09/21/2016 11:30 AM, H wrote: >>> You are right, I'll look at it again. Let me ask, what other password >>> managers are people using, if any? >> >> >> I use keepass, but I know people who like: >> >> https://www.passwordstore.org/ > > This looks very cool, but is there a version for Android? One of the > reasons I picked KeePass is that I could use a copy of the same password > file with clients on linux, OS X, or Android. (And if I had an iOS > device KeePass works there too.) I use KeepassX. That one has versions for pretty much all open source systems (Linux, *BSD) and for variety of others widely used systems: MacOS, Android, iOS, MS Windows (just listed the ones I know of). Thanks to that I can open the same encrypted password store on pretty much all devices and systems I use. However, no, I don't consider it reasonable for myself to use it from inside web browser, hence I would recommend reconsider this part in favor of universal tool. Just my $0.02 Valeri > > --keith > > -- > kkel...@wombat.san-francisco.ca.us > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On 2016-09-21, Gordon Messmer wrote: > On 09/21/2016 11:30 AM, H wrote: >> You are right, I'll look at it again. Let me ask, what other password >> managers are people using, if any? > > > I use keepass, but I know people who like: > > https://www.passwordstore.org/ This looks very cool, but is there a version for Android? One of the reasons I picked KeePass is that I could use a copy of the same password file with clients on linux, OS X, or Android. (And if I had an iOS device KeePass works there too.) --keith -- kkel...@wombat.san-francisco.ca.us ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-6.8 PCI Hwdr issue?
I have begun to see these messages in my morning reports: WARNING: Kernel Errors Present pciehp :00:1c.0:pcie04: Link Training Error occurs ...: 146 Time(s) pciehp 0ng Error occurs ...: 1 Time(s) pcieport :00:1c.0: bridge window [mem 0xd0a00.0 failed with error -22 ...: 1 Time(s) r8168: probe of :01:00.0 failed with error -22 ...: 702 Time(s) r8168: probe of :01:00.0 failed with erroridge to [bus 01-0 The system is the KVM host for a number of our virtual guest servers. Investigating this further has revealed that these messages being produced in vast numbers and that the messages log file is bloated in consequence. Sep 16 23:20:01 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:03 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:04 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:05 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:06 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:07 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:08 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:09 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 16 23:20:10 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on SSep 18 03:20:01 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:01 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:01 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pcieport :00:1c.0: PCI bridge to [bus 01-01] Sep 18 03:20:02 vhost01 kernel: pcieport :00:1c.0: bridge window [io 0xe000-0xefff] Sep 18 03:20:01 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pciehp :00:1c.0:pcie04: Card not present on Slot(0) Sep 18 03:20:02 vhost01 kernel: pcieport :00:1c.0: PCI bridge to [bus 01-01] Sep 18 03:20:02 vhost01 kernel: pcieport :00:1c.0: bridge window [io 0xe000-0xefff] Sep 18 03:20:02 vhost01 kernel: pcieport :00:1c.0: bridge window [mem 0xd080-0xd08f] Sep 18 03:20:02 vhost01 kernel: pcieport :00:1c.0: bridge window [mem 0xd0a0-0xd0cf 64bit pref] Sep 18 03:20:02 vhost01 kernel: pci :01:00.0: no hotplug settings from platform Sep 18 03:20:02 vhost01 kernel: pci :01:00.0: using default PCI settings Sep 18 03:20:02 vhost01 kernel: r8168 Gigabit Ethernet driver 8.040.00-NAPI loaded Sep 18 03:20:02 vhost01 kernel: r8168 :01:00.0: PCI INT ? -> GSI 18 (level, low) -> IRQ 18 These messages are generated ceaselessly. Research reveals that this error is possibly related to some sort of driver incompatibility involving Realtek chip sets. However, I do not seem to have this hardware installed on this host: lspci 00:00.0 Host bridge: Intel Corporation 4 Series Chipset DRAM Controller (rev 03) 00:02.0 VGA compatible controller: Intel Corporation 4 Series Chipset Integrated Graphics Controller (rev 03) 00:02.1 Display controller: Intel Corporation 4 Series Chipset Integrated Graphics Controller (rev 03) 00:03.0 Communication controller: Intel Corporation 4 Series Chipset HECI Controller (rev 03) 00:19.0 Ethernet controller: Intel Corporation 82567V-2 Gigabit Network Connection 00:1a.0 USB controller: Intel Corporation 82801JI (ICH10
Re: [CentOS] Using keepass on Centos 6
On 09/21/2016 11:30 AM, H wrote: You are right, I'll look at it again. Let me ask, what other password managers are people using, if any? I use keepass, but I know people who like: https://www.passwordstore.org/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
sticky notes On Wed, Sep 21, 2016 at 2:45 PM, Frank Cox wrote: > On Wed, 21 Sep 2016 14:30:43 -0400 > H wrote: > > > what other password managers are people using, if any? > > I personally use revelation. > > -- > MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.8, Iptables 1.4.7, and MASQUERADE
On 09/20/2016 04:03 PM, Robert Heller wrote: > I have a server that is also a firewall router at a public library with > a fiber optic Internet connection. It is running kernel > 2.6.32-642.4.2.el6.x86_64 (current CentOS 6.8) and Iptables 1.4.7 > (current stock CentOS 6.8). I having trouble with Internet throughput. I > am supposed to be getting 20Mbits down and 20MBits up, but I am not > getting that. It has no problem doing 20MBits down, but for uploads of > *large* files (using different protocols, such as ssh or http), the > upload starts at 20MBits, but over time quickly slows down to about > 3MBits. Speedtests claim I am getting about 20/20. I seem to be about to > get 3Mbits *per transfer*, even if the transfers are concurrent and MRTG > shows total throughput edging up to 6Mbits. > > What can possibly be going on. My ISP is not believing there is anything > wrong on their end. About the only thing left is maybe some sort of > weirdness with Iptables imposing some sort of I/O overhead, maybe related > to the MASQUERADE postrouting. Does this even make sense? > ==> as for your problem of slow down, i find that a lot of sites will throttle back, possible because they have their system set up to do so. i found that many speed test sites use a poor way of testing speed and do not really test. searched for better tester and so far have had good results using; http://speedof.me/ have a look at; http://speedof.me/howitworks.html for explanation of testing process and you will see why it is better. -- peace out. CentOS GNU/Linux 6.8 tc,hago. g . =+= Tired of having your microsoft os hacked? Change to Linux os, used by microsoft hackers. =+= in a world with out fences, who needs gates. =+= ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On Wed, 21 Sep 2016 14:30:43 -0400 H wrote: > what other password managers are people using, if any? I personally use revelation. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On September 21, 2016 2:25:37 PM EDT, Gordon Messmer wrote: >On 09/21/2016 09:16 AM, H wrote: >> I wish there was one, it makes all the difference by allowing >automated login to websites. > > >Maybe you should take another look at keepass, then? Mono is available > >in EPEL. keepass runs reasonably well in it. keefox should work as >expected. The technical barriers here are .. basically non-existent. > >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos You are right, I'll look at it again. Let me ask, what other password managers are people using, if any? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On 09/21/2016 09:16 AM, H wrote: I wish there was one, it makes all the difference by allowing automated login to websites. Maybe you should take another look at keepass, then? Mono is available in EPEL. keepass runs reasonably well in it. keefox should work as expected. The technical barriers here are .. basically non-existent. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP vulnerability CVE-2016-4073
On 09/21/2016 05:43 AM, Прокси wrote: On 2016-Sep-21 14:35, Adrian Sevcenco wrote: On 09/21/2016 02:02 PM, Прокси wrote: Hello, My server with CentOS 6.8 just failed PCI scan, so I'm looking into vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of them are fixed/patched or have some kind of workaround. But I can't find a way to fix this one. Red Hat state: under investigation. https://access.redhat.com/security/cve/cve-2016-4073 This CVE is 6 months old, and it doesn't look like it will be fixed. Does anyone knows the way to go around this? Except blocking mb_strcut() function. you could try the unsupported php from remi repos... you can find there php 7.0 .. I use CentOS because I need stable and patched packages, so I can be sure that all applications work without unpleasant surprises. Going to unsupported packages would be my last option. I feel the same way but I find that it is generally safe and beneficial to update the LAMP stack on servers and the multimedia stack on the desktop. Things like HTTP/2 are not available in the Apache that ships even with CentOS 7 and the PHP is so outdated that it causes problems when using third party projects because the developers of those projects aren't using anything that old anymore. And for the TLS stack, mobile really benefits from chacha20 ciphers. With respect to multimedia, there's the fluendo codec pack but interestingly FireFox won't play mp3 with the fluendo codec pack, it wants the libmad plugin. And even more bizarre, maybe they have fixed it, but GStreamer 1.x in CentOS 7 when it shipped was not capable of decoding the VP9 codec used in WebM2. CentOS 7 came with tools to encode VP9 but the GStreamer was too crusty to decode it, and the commercial fluendo plugins were of no help there - replacing the GStreamer 1.x packages with a modern build was the only option. Stability is pointless when it doesn't serve the intended purpose. PHP even in CentOS 7 should be updated for a production server. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On September 21, 2016 12:10:18 PM EDT, Valeri Galtsev wrote: > >On Wed, September 21, 2016 10:57 am, Gordon Messmer wrote: >> On 09/21/2016 06:50 AM, H wrote: >>> Thank you, downloaded and installed keepassx2 from EPEL since >keepassx >>> seemed to suffer from a bug per the home page. >> >> Which URL describes the bug? >> >>> The database opened fine but unfortunately the KeeFox extension >for >>> Firefox does not seem to be compatible... >> >> >> KeeFox, AFAIK, is an extension that interfaces with Keepass, the .Net >> application. KeepassX is a different product. I don't see a browser >> plugin that interfaces with that one. > >And I for one wouldn't trust any browser (huge sophisticated chunk of >code, capable executing someone's else code - like java scripts etc) to >go >inside my encrypted password database. If you want security, paranoia >is >your friend. If you don't want security, why use KeepassX in the first >place? > >Valeri > > > >Valeri Galtsev >Sr System Administrator >Department of Astronomy and Astrophysics >Kavli Institute for Cosmological Physics >University of Chicago >Phone: 773-702-4247 > >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos Well, I am not sure how KeeFox and Keepass work together. At some time the browser needs the userid and password to login. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On September 21, 2016 11:57:14 AM EDT, Gordon Messmer wrote: >On 09/21/2016 06:50 AM, H wrote: >> Thank you, downloaded and installed keepassx2 from EPEL since >keepassx seemed to suffer from a bug per the home page. > >Which URL describes the bug? > >> The database opened fine but unfortunately the KeeFox extension for >Firefox does not seem to be compatible... > > >KeeFox, AFAIK, is an extension that interfaces with Keepass, the .Net >application. KeepassX is a different product. I don't see a browser >plugin that interfaces with that one. > >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos I wish there was one, it makes all the difference by allowing automated login to websites. I have not gotten Auto-Type to work... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On Wed, September 21, 2016 10:57 am, Gordon Messmer wrote: > On 09/21/2016 06:50 AM, H wrote: >> Thank you, downloaded and installed keepassx2 from EPEL since keepassx >> seemed to suffer from a bug per the home page. > > Which URL describes the bug? > >> The database opened fine but unfortunately the KeeFox extension for >> Firefox does not seem to be compatible... > > > KeeFox, AFAIK, is an extension that interfaces with Keepass, the .Net > application. KeepassX is a different product. I don't see a browser > plugin that interfaces with that one. And I for one wouldn't trust any browser (huge sophisticated chunk of code, capable executing someone's else code - like java scripts etc) to go inside my encrypted password database. If you want security, paranoia is your friend. If you don't want security, why use KeepassX in the first place? Valeri Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On 09/21/2016 06:50 AM, H wrote: Thank you, downloaded and installed keepassx2 from EPEL since keepassx seemed to suffer from a bug per the home page. Which URL describes the bug? The database opened fine but unfortunately the KeeFox extension for Firefox does not seem to be compatible... KeeFox, AFAIK, is an extension that interfaces with Keepass, the .Net application. KeepassX is a different product. I don't see a browser plugin that interfaces with that one. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using keepass on Centos 6
On September 20, 2016 3:43:17 PM EDT, H wrote: >Is anyone running keepass on C6? I have a rather large password >database under Windows that I want also to use on my Centos systems. It >seems that keepass is not available, it relies on mono and there may be >bugs. > >Googling also seems to suggest that I should download the source code >and compile to install. The nux repository seems to have a version for >C7, but not for C6. > >Many suppositions and few facts - perhaps someone knows better? > >Thanks! > >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos Thank you, downloaded and installed keepassx2 from EPEL since keepassx seemed to suffer from a bug per the home page. The database opened fine but unfortunately the KeeFox extension for Firefox does not seem to be compatible... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ipset and blacklisting
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of tdu...@palmettoshopper.com > Sent: Wednesday, September 21, 2016 9:10 AM > To: CentOS mailing list > Subject: Re: [CentOS] ipset and blacklisting > I do a: > > ipset save blacklist, and service ipset save > > I use three scripts: > > access_log_ips.sh Thanks, I need to do this myself. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ipset and blacklisting
Original Message Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" How are you saving and reloading the ipsets over a reboot? > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of TE Dukes > Sent: Tuesday, September 20, 2016 9:46 PM > To: 'CentOS mailing list' > Subject: [CentOS] ipset and blacklisting > > This is what ipset can do for traffic on a home server that's not wanted > on > a slow 6MB DSL connection. > > http://palmettoshopper.com/httpd_traffic.jpg > > I only use my home server for zoneminder, testing my commercial website > and > streaming movies. > > Got tired of hackers looking for files that don't exist on my home server > and non-complying robots. > > Check the drop in bandwidth. > > Setup up a redirect to the NSA webite. They can deal with the hackers. > > HTH > I do a: ipset save blacklist, and service ipset save I use three scripts: access_log_ips.sh #!/bin/bash ## cp /root/blacklist /root/blacklist.old sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d /var/log/httpd/access_log | sort | uniq > blacklist exit 0 import_blacklist.sh #!/bin/bash ## sed s/,/\\n/g /root/blacklist |while read i; do ipset add blacklist $i /usr/sbin/ipset save blacklist # rm -f /root/blacklist.old done and most importantly so I don't ban myself, ipset_whitelist.sh #!/bin/bash ## ipset del blacklist 192.168.1.102 ipset del blacklist 192.168.1.110 ipset del blacklist 107.161.163.5 ipset del blacklist 24.168.204.125 ipset del blacklist 107.161.163.4 ipset del blacklist 66.87.133.247 ipset del blacklist 107.161.163.10 ipset del blacklist 192.240.96.67 ipset del blacklist 107.161.163.8 ipset del blacklist 192.240.96.133 ipset del blacklist 127.0.0.1 ipset save blacklist service ipset save exit 0 I combined the three in another script that runs 4 times a day. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP vulnerability CVE-2016-4073
On 2016-Sep-21 14:45, Eero Volotinen wrote: > https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm > > Eero Well, I was hoping to get some ideas for compensating controls in this case. Anyhow, I just added mb_strcut() to disable_functions. I'll be able to live without it. > 2016-09-21 14:02 GMT+03:00 Прокси : > > > Hello, > > > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > > them are fixed/patched or have some kind of workaround. But I can't find > > a way to fix this one. Red Hat state: under investigation. > > > > https://access.redhat.com/security/cve/cve-2016-4073 > > > > This CVE is 6 months old, and it doesn't look like it will be fixed. > > Does anyone knows the way to go around this? Except blocking mb_strcut() > > function. > > > > Thanks! > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP vulnerability CVE-2016-4073
On 2016-Sep-21 14:35, Adrian Sevcenco wrote: > On 09/21/2016 02:02 PM, Прокси wrote: > > Hello, > > > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > > them are fixed/patched or have some kind of workaround. But I can't find > > a way to fix this one. Red Hat state: under investigation. > > > > https://access.redhat.com/security/cve/cve-2016-4073 > > > > This CVE is 6 months old, and it doesn't look like it will be fixed. > > Does anyone knows the way to go around this? Except blocking mb_strcut() > > function. > you could try the unsupported php from remi repos... you can find there php > 7.0 .. I use CentOS because I need stable and patched packages, so I can be sure that all applications work without unpleasant surprises. Going to unsupported packages would be my last option. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ipset and blacklisting
How are you saving and reloading the ipsets over a reboot? > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of TE Dukes > Sent: Tuesday, September 20, 2016 9:46 PM > To: 'CentOS mailing list' > Subject: [CentOS] ipset and blacklisting > > This is what ipset can do for traffic on a home server that's not wanted > on > a slow 6MB DSL connection. > > http://palmettoshopper.com/httpd_traffic.jpg > > I only use my home server for zoneminder, testing my commercial website > and > streaming movies. > > Got tired of hackers looking for files that don't exist on my home server > and non-complying robots. > > Check the drop in bandwidth. > > Setup up a redirect to the NSA webite. They can deal with the hackers. > > HTH > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP vulnerability CVE-2016-4073
https://pci.qualys.com/static/help/merchant/questionnaires/compensating_controls_definition.htm Eero 2016-09-21 14:02 GMT+03:00 Прокси : > Hello, > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > them are fixed/patched or have some kind of workaround. But I can't find > a way to fix this one. Red Hat state: under investigation. > > https://access.redhat.com/security/cve/cve-2016-4073 > > This CVE is 6 months old, and it doesn't look like it will be fixed. > Does anyone knows the way to go around this? Except blocking mb_strcut() > function. > > Thanks! > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP vulnerability CVE-2016-4073
On 09/21/2016 02:02 PM, Прокси wrote: > Hello, > > My server with CentOS 6.8 just failed PCI scan, so I'm looking into > vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of > them are fixed/patched or have some kind of workaround. But I can't find > a way to fix this one. Red Hat state: under investigation. > > https://access.redhat.com/security/cve/cve-2016-4073 > > This CVE is 6 months old, and it doesn't look like it will be fixed. > Does anyone knows the way to go around this? Except blocking mb_strcut() > function. you could try the unsupported php from remi repos... you can find there php 7.0 .. HTH, Adrian ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] PHP vulnerability CVE-2016-4073
Hello, My server with CentOS 6.8 just failed PCI scan, so I'm looking into vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of them are fixed/patched or have some kind of workaround. But I can't find a way to fix this one. Red Hat state: under investigation. https://access.redhat.com/security/cve/cve-2016-4073 This CVE is 6 months old, and it doesn't look like it will be fixed. Does anyone knows the way to go around this? Except blocking mb_strcut() function. Thanks! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos