On 12/02/15 20:03, Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd --add-port 2345/tcp
firewall-cmd --add-port 2345/tcp
On 12/02/15 20:03, Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd --add-port 2345/tcp
firewall-cmd --add-port
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
large bot networks and tools like zmap, finding services
Once upon a time, James Hogarth james.hoga...@gmail.com said:
If you really want to SSH to a port other than 22 for a little obscurity
use an iptables dnat to map the high port to local host 22 and block 22
from external connections.
Yeah, the old move stuff to alternate ports thing is largely
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
large bot networks and tools like zmap, finding services on alternate
ports is not that hard for the bad guys.
On 02/13/2015 05:41 AM, James Hogarth wrote:
This is horrible advice anyway. It's not a good idea to run SSH on a port
greater than 1024 since if a crash exploit is used to kill the process a
non-root trojan process faking SSH to gather credentials could then bind on
that port trivially totally
Always Learning wrote:
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
large bot networks and tools like
On Fri, February 13, 2015 9:05 am, Always Learning wrote:
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
On 02/13/2015 09:15 AM, Chris Adams wrote:
Yeah, the old move stuff to alternate ports thing is largely a waste
of time and just makes it more difficult for legitimate use. With
On Fri, Feb 13, 2015 at 9:57 AM, Ken Smith k...@kensnet.org wrote:
Hi All,
I'm just wanting to check that my understanding of the settings is correct
as my web searches are finding a lot of dated information.
If I want a Centos 6 sendmail system act as the secondary MX for domain
Hi All,
I'm just wanting to check that my understanding of the settings is
correct as my web searches are finding a lot of dated information.
If I want a Centos 6 sendmail system act as the secondary MX for domain
b.co.uk do I just add a
Connect:b.co.uk RELAY
On 12/02/15 16:51, Brian Mathis wrote:
Thanks for putting in the effort here. It's never a good situation to have
to moderate, but sometimes it is necessary.
From my perspective, this kind of thing happens far more often than the
current example, though maybe not with such intensity. This
On 12/02/15 18:08, Les Mikesell wrote:
On Thu, Feb 12, 2015 at 10:51 AM, Brian Mathis
brian.mathis+cen...@betteradmin.com wrote:
CentOS is unquestionably one of the most used Linux distros
in the world, and yet the mailing list is relatively quiet. To me this is
a symptom of a problem, and I
On Fri, Feb 13, 2015 at 12:09 PM, Karanbir Singh mail-li...@karan.org wrote:
I think it is generally a good thing when the bulk of the conversation
here is ranting about mostly irrelevant opinions. That is, instead
yes, lots of irrelevant conversation on the list - and it comes from a
Les Mikesell wrote:
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Otherwise it accept junk that your primary rejects
Not exactly. If greylisting on primary is set, but on backup MX is not,
still what is killed by greylisting by primary MX, almost never
On Fri, February 13, 2015 12:07 pm, Karanbir Singh wrote:
On 12/02/15 16:51, Brian Mathis wrote:
Thanks for putting in the effort here. It's never a good situation to
have
to moderate, but sometimes it is necessary.
From my perspective, this kind of thing happens far more often than the
On Fri, February 13, 2015 11:52 am, Les Mikesell wrote:
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Otherwise it accept junk that your primary rejects
Not exactly. If greylisting on primary is set, but on backup MX is not,
still what is killed by
On Fri, February 13, 2015 12:18 pm, Ken Smith wrote:
Les Mikesell wrote:
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Otherwise it accept junk that your primary rejects
Not exactly. If greylisting on primary is set, but on backup MX is not,
still what
On Fri, Feb 13, 2015 at 12:45 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
In this case the secondary MX has the same RBL's etc etc as the primary.
I do see the spammers sending their junk to the secondary more than the
primary MX. Agree the secondary does not know the difference
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
Otherwise it accept junk that your primary rejects
Not exactly. If greylisting on primary is set, but on backup MX is not,
still what is killed by greylisting by primary MX, almost never will come
through
On 02/12/2015 08:14 PM, dE wrote:
Looking at the default policies of various zones, I've come to realize
that only the drop zone has an affect, that's because this's the only
one which drops unmatched packets.
I'm not sure what you mean, but most firewall sets for iptables follow
the same
On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
I stated pure observation on at least two pairs of primary - backup MX I
maintain. Still I made backup MXes with greylisting as well (they are
separately hit by same bad spammers scripts, at a rate about 10 times
On Fri, February 13, 2015 11:04 am, Les Mikesell wrote:
On Fri, Feb 13, 2015 at 9:57 AM, Ken Smith k...@kensnet.org wrote:
Hi All,
I'm just wanting to check that my understanding of the settings is
correct
as my web searches are finding a lot of dated information.
If I want a Centos 6
Once upon a time, Ken Smith k...@kensnet.org said:
In this case the secondary MX has the same RBL's etc etc as the
primary. I do see the spammers sending their junk to the secondary
more than the primary MX. Agree the secondary does not know the
difference between valid and invalid addresses.
On Feb 13, 2015, at 9:03 AM, Valeri Galtsev galt...@kicp.uchicago.edu wrote:
...changing port numbers...does not really add security. Security through
obscurity is only considered to be efficient by Windows folks.
“Security through obscurity” is an overused mantra of derision.
Originally,
On Fri, February 13, 2015 12:52 pm, Les Mikesell wrote:
On Fri, Feb 13, 2015 at 12:45 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
In this case the secondary MX has the same RBL's etc etc as the
primary.
I do see the spammers sending their junk to the secondary more than the
On 13/02/15 18:45, Valeri Galtsev wrote:
So, what is the secondary MX server that you are describing that accepts
everything is based on?
if you actually read the thread you are replying to blindly, you might
find out ?
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ |
On Sat, 14 Feb 2015 01:52:00 +0530
MOHD HOMAIDUR RAHMAN wrote:
when I am login in terminal I am getting following message.
Something is running the export command when you login. Type the word export
at a bash prompt and I'd bet you'll see the same output again.
You probably have something
Hi, folks,
(The system I'm doing this on is actually RHEL 6.6, but that list is so
quiet)
We've got a new RAID box attached to the server. Large. We'd like to
implement xfs quotas... but one thing I can't find is information on
this: we want to export the real directory to /project,
On Fri, February 13, 2015 12:41 pm, Les Mikesell wrote:
On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
I stated pure observation on at least two pairs of primary - backup MX I
maintain. Still I made backup MXes with greylisting as well (they are
separately
- Original Message -
| Hi, folks,
|
|(The system I'm doing this on is actually RHEL 6.6, but that list is so
| quiet)
|
|We've got a new RAID box attached to the server. Large. We'd like to
| implement xfs quotas... but one thing I can't find is information on
| this: we want
Ken Smith wrote:
Hi All,
I'm just wanting to check that my understanding of the settings is
correct as my web searches are finding a lot of dated information.
If I want a Centos 6 sendmail system act as the secondary MX for
domain b.co.uk do I just add a
Connect:b.co.uk
On Fri, Feb 13, 2015 at 1:11 PM, Valeri Galtsev
galt...@kicp.uchicago.edu wrote:
So even though sendmail I heard is not a security disaster for long
time already I'm quite happy with postfix.
Sendmail was pretty much all fixed by the time postfix was released,
and made even better with the
Dear all
when I am login in terminal I am getting following message.
declare -x ALL_PROXY=socks://hproxy.iitm.ac.in:3128/
declare -x AMBERHOME=/sware/amber/amber12
declare -x COLORTERM=gnome-terminal
declare -x CPPFLAGS=-I/usr/local/bin/include
declare -x
Karanbir Singh wrote:
On 13/02/15 18:45, Valeri Galtsev wrote:
So, what is the secondary MX server that you are describing that accepts
everything is based on?
if you actually read the thread you are replying to blindly, you might
find out ?
:-)
--
This message has been scanned for
On Fri, 2015-02-13 at 10:03 -0600, Valeri Galtsev wrote:
On Fri, February 13, 2015 9:05 am, Always Learning wrote:
I always change the SSH port to something conspicuously different. Every
server has a different and difficult to guess SSH port number with
access restricted to a few IP
On Fri, 2015-02-13 at 11:04 -0600, Les Mikesell wrote:
I'd recommend not having a secondary MX at all unless it is equipped
to reject invalid users and spam in all the same ways as your primary.
Otherwise it accept junk that your primary rejects and then you are
obligated to send a bounce
On Fri, 2015-02-13 at 11:21 -0500, m.r...@5-cent.us wrote:
I disagree - I am in the waste of time camp. The reality is that only
script kiddies start out by trying 22 (and I *do* mean script kiddies -
I've seen attempts to ssh in that were obviously from warez, man, where
they were too
On Fri, 2015-02-13 at 11:39 -0600, Valeri Galtsev wrote:
I've seen at least at some point that google mail accepts everything.
That is because Google is primarily a USA government sponsored
intelligence gathering operation. It wants as much information as
possible. Google's commercial
On Fri, 2015-02-13 at 18:09 +, Karanbir Singh wrote:
yes, lots of irrelevant conversation on the list - and it comes from a
handful of users. Its irrelevant, take it to an irrelevant venue.
centos.m...@centos.org
centos...@centos.org ?
c...@centos.org
--
Being new to some aspects of BASH, I tried to reduce the quantity of
scripts by introducing a comparison test into an existing working
script.
The script refused to work until I placed [ ] around the actual test.
The second test, in the same script, misfunctioned until I removed the
[ ] around
On Fri, Feb 13, 2015 at 11:26 PM, Always Learning cen...@u64.u22.net wrote:
Being new to some aspects of BASH, I tried to reduce the quantity of
scripts by introducing a comparison test into an existing working
script.
The script refused to work until I placed [ ] around the actual test.
The
On Sat, 2015-02-14 at 05:26 +, Always Learning wrote:
NON-WORKING second comparison
15 if [ $file='law00.css' ]
16 then
17file=$dir/$file
18echo css
19 else
20file=$dir/$file\.php
21echo no css
22 fi
23 #
Every
On Fri, 2015-02-13 at 23:46 -0600, Les Mikesell wrote:
I think you are missing some very basic concepts here. First, the
shell likes to parse things separated by white space. Second, [ is a
synonym for test which is a build-in version of /bin/test, so try 'man
test' for the syntax of
On Fri, 2015-02-13 at 18:27 -0800, PatrickD Garvey wrote:
On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen lo...@pari.edu wrote:
On 02/13/2015 05:41 AM, James Hogarth wrote:
This is also why the Orange Book and its Rainbow kin exist (Orange Book =
5200.28-STD, aka DoD Trusted Computer System
On Fri, Feb 13, 2015 at 7:12 AM, Lamar Owen lo...@pari.edu wrote:
On 02/13/2015 05:41 AM, James Hogarth wrote:
This is also why the Orange Book and its Rainbow kin exist (Orange Book =
5200.28-STD, aka DoD Trusted Computer System Evaluation Criteria).
Should anyone care to learn from the
On 12/02/15 20:03, Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd --add-port 2345/tcp
firewall-cmd --add-port 2345/tcp
El error te lo manda gnome-shell, y si por lo visto es un bug reportado en
fedora 19 mismo comportamiento y esto debido a un consumo alto de recursos,
de igual manera la recomendacion es deshabilitar las extensiones.
Lo que podrias intentar no se si exista en la version de gnome 3.x es
entrar
On 13/02/15 19:18, Lokesh Mandvekar wrote:
On Fri, Feb 13, 2015 at 12:15:39PM +, Karanbir Singh wrote:
hi guys,
docker 1.5 is now in virt7-testing repos, please test and feedback so we
can move to release..
thanks lokesh!
- KB
Sure thing KB. Also, docker-registry will be ready for
On Fri, Feb 13, 2015 at 12:15:39PM +, Karanbir Singh wrote:
hi guys,
docker 1.5 is now in virt7-testing repos, please test and feedback so we
can move to release..
thanks lokesh!
- KB
Sure thing KB. Also, docker-registry will be ready for release by tonight
(meaning working
Gracias por tu respuesta
esperare a la 7.1 a ver si lo solucionan sino me rendiré y abandonare
CentOS como desktop
yo hago alt+f2+r y puedo estar 1h más trabajando pero no es plan
Gracias por tus comentarios
Hi,
Am 13.02.2015 um 09:48 schrieb Ned Slider:
On 12/02/15 20:03, Warren Young wrote:
Hi, just a quick note to whoever is maintaining this page:
http://wiki.centos.org/HowTos/Network/SecuringSSH
The procedure is missing the firewall-cmd calls necessary in EL7:
firewall-cmd
Hola estoy configurando mi servidor en centos 7 y ya configure todo los
parametro de mi red pero no puedo navegar, pero si puedo hacer ping al 8.8.8.8
pero cuando hago ping www.google.es unknown host www.google.es
---Robin Guadalupe GoñasAsistente
Hi,
I don't see the official doc for CentOS 7. Does anybody know where is
it? Thanks.
https://www.centos.org/docs/
--
Regards,
Peng
___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
53 matches
Mail list logo