[gentoo-user] Testing a chroot

2006-11-16 Thread Brian Davis
Is there any way to test this? I'm trying to chroot my apache server, and I'm curious how I could test that it's actually using. Also, does anyone have experience with using chroot via mod_security? Thanks! -- gentoo-user@gentoo.org mailing list

Re: [gentoo-user] emerge hints log?

2006-11-15 Thread Brian Davis
Check out ELOG in /etc/make.conf.examples. jakommo wrote: Hi all, I was wondering if there is a way or a tool which logs the hints emerge gives you sometimes after merging a program. The hints were useful for me more than once but I don't want to watch emerge all the time when I'm merging se

Re: [gentoo-user] sshd issues

2006-11-15 Thread Brian Davis
Just keep in mind that rsa/dsa keys would be a more secure way of authenticating, especially with all the brute-force scripts out there. Jon M wrote: Ohh okay that makes sense. For everyone's information, I got it to work properly. First of all, I'm an idiot and was editing /etc/ssh/ssh_config

Re: [gentoo-user] virtual servers/services: which one?

2006-11-14 Thread Brian Davis
What are these buying the OP over chroot for what he wants to do? Hans de Hartog wrote: [EMAIL PROTECTED] wrote: Hi, I would like to implement some sort of "virtual servers" (mail, www, ftp) on my small gentoo server as a way of increasing security... Now the only problem is (so typical for l

Re: [gentoo-user] Symlinking out of a chroot

2006-11-13 Thread Brian Davis
Not the "--bind" way, that's right. You could, however, do it with a loopback'ed network fs mount. Thanks Hans-Werner, I'll check that out!

Re: [gentoo-user] Symlinking out of a chroot

2006-11-13 Thread Brian Davis
As they say, security comes at the cost of convenience (and storage in this case), so I think the most secure solution is to just copy over the data I need to publish to the chroot. I've given it thought, and I don't want the potential apache hax0r to get to (and potentially delete) all my orig

[gentoo-user] Symlinking out of a chroot

2006-11-12 Thread Brian Davis
Hey folks, I will be running my apache2 server in a chroot. Most of my data for the server (e.g. pictures, user webpages) are on another partition from my chroot. I don't want to move all that data into the apache chroot if I don't have to. Therefore I would have soft symlinks from the chroo

Re: [gentoo-user] OpenSSH security

2006-11-07 Thread Brian Davis
In addition to fail2ban, look at deny2hosts and sshdfilter. fire-eyes wrote: James Colby wrote: List members - I am running OpenSSH on my home gentoo server. I was examining the log files for OpenSSH and I noticed multiple login attempts from the same IP address but with different user nam

Re: [gentoo-user] Do you leave it on? USE="berkdb"

2006-10-17 Thread Brian Davis
I have mine off. However, you should see which packages you have installed that would take advantage of it before you turn it off globally. Grant wrote: Do you guys leave the berkdb USE flag on? It seems to be a default flag, but I've been using -berkdb in make.conf ever since I started using

Re: [gentoo-user] Lightwheight Gentoo System

2006-10-12 Thread Brian Davis
I've also used -O2 on my Pentium 2 Celeron system without any problems. I used to run -Os back on my Pentium 200Mhz days, and that works fine too ;). Honestly, however I never did any benchmarking between the different -O settings on any of these machines, so I'm not sure they were the best

Re: [gentoo-user] gentoo in /etc/group

2006-09-27 Thread Brian Davis
Do you see the user in /etc/passwd? Thanks, Brian james wrote: Hello, A couple of weeks ago, I installed a system using 2006.1 Livecd. Today, I took a look at the /etc/group file and found 'gentoo' listed in several groups, including wheel (wheel audio cdrom usb users games) to be specific. I

Re: [gentoo-user] {OT} 2.4Ghz interference

2006-09-18 Thread Brian Davis
Yes, don't do it. Grant wrote: I have an 802.11g network and I'm considering buying a wireless RF keyboard that uses the 2.4Ghz frequency. Am I setting myself up for interference problems? - Grant

[gentoo-user] Using HPN (high performance) for Openssh, no brainer?

2006-09-15 Thread Brian Davis
Is there any downside to enabling USE=hpn for openssh? Description is here: http://www.psc.edu/networking/projects/hpn-ssh/. Does anyone know why it isn't enabled by default? Thanks, Brian

Re: [gentoo-user] Re: firewall minimized make.conf flags

2006-09-15 Thread Brian Davis
The minimal USE flag might be nice to have. james wrote: Ryan Tandy gmail.com> writes: USE=" -* hardened pic ncurses ssl acl crypt berkdb tcpd pam perl pcre python readline bzip2 zlib apm krbr kerberos nptl nptlonly lm_sensors syslog " Try tossing logrotate in there for kicks

Re: [gentoo-user] Re: Simplified apache2

2006-09-14 Thread Brian Davis
I think I've answered my own question: On my system, gzip is the only package that contains the pic USE flag. Looking at the ebuild, the pic USE flag is used to tell the system not to use the assembler code optimizations. Presumably, assembler code can't be relocated. Thanks, Br

Re: [gentoo-user] Re: Simplified apache2

2006-09-14 Thread Brian Davis
Rumen Yotov wrote: Hi, On Wed, 13 Sep 2006 12:36:45 + (UTC) James <[EMAIL PROTECTED]> wrote: Ryan Tandy gmail.com> writes: Michael Crute wrote: USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline" You could omit "pic" here IIRC (on a ha

Re: [gentoo-user] Simplified apache2

2006-09-13 Thread Brian Davis
Can one convert a non-hardened machine to use the hardened-profile, or do you have to start from scratch? Michael Crute wrote: On 9/12/06, James <[EMAIL PROTECTED]> wrote: I used 2006.1 livecd to install a pII machine. It's going to become a (minimalistic) apache2 server. I just let the ins