Search found 172 matches

by unspawn
2014/09/29 06:00:40
Forum: CentOS 7 - Security Support
Topic: Rk Hunter Warnings...
Replies: 4
Views: 6766

Re: Rk Hunter Warnings...

See the RKH FAQ or rkhunter-users mailing list archive for "ALLOWHIDDENFILE".
by unspawn
2014/08/25 18:04:08
Forum: CentOS 7 - Security Support
Topic: cups - disable v. remove
Replies: 1
Views: 8328

Re: cups - disable v. remove

I'm no expert but sure you could ditch CUPS that way. Problem is it might return as dependency on upgrade and I have no idea if adding it as an "exclude=cups" yum.conf will work or b0rk upgrading. (You'll have to test that yourself.)
by unspawn
2014/08/25 17:59:51
Forum: CentOS 6 - Security Support
Topic: Auditd - watch a specific file type
Replies: 1
Views: 1289

Re: Auditd - watch a specific file type

//Bit stale but since it is a 0-reply thread... My problem is that auditd does not accept "*" character. I can watch the whole directory but not only the .conf files. Apparently auditctl doesn't support shell globbing then. Apart from the fact the practice of watching user-owned files seems question...
by unspawn
2014/08/25 17:53:18
Forum: CentOS 5 - Security Support
Topic: Selinux and Fail2ban - Problem with IP routing action
Replies: 1
Views: 4604

Re: Selinux and Fail2ban - Problem with IP routing action

//Bit old but since it is a 0-reply thread... If I attempt to use the hosts.deny file to ban an IP address - sometimes it doesn't seem to work - and the hacking continues after fail2ban reports the IP is banned. Please use iptables rules (or better: ipset which fail2ban supports) and not tcp_wrapper...
by unspawn
2014/06/18 21:30:18
Forum: CentOS 6 - Security Support
Topic: Malware alert
Replies: 3
Views: 3140

IptabLex, IptabLes

Compromises leaving .IptabLes and .IptabLex binaries (with or without dot) in /, /boot, /etc and or /usr seem to be quite common: http://ubuntuforums.org/showthread.php?t=2226673 http://www.linuxquestions.org/questions/slackware-14/slackware-box-possibly-infected-how-do-i-monitor-tcp-connections-417...
by unspawn
2014/06/15 10:30:26
Forum: CentOS 6 - Security Support
Topic: Best way to secure CentOS when running Apache Tomcat
Replies: 3
Views: 1977

Re: Best way to secure CentOS when running Apache Tomcat

What is the best way to secure CentOS whilst allowing Tomcat to Service http requests? See the CentOS documentation (security, hardening, auditing), use a benchmark (CISecurity, OWASP) and test your setup (OpenVAS?). Wrt Tomcat see its own security documentation and ponder if running it behind a re...
by unspawn
2014/05/24 11:13:24
Forum: CentOS 6 - Security Support
Topic: Help with selinux. Allow file execution in /etc/security
Replies: 1
Views: 4109

Re: Help with selinux. Allow file execution in /etc/security

Running the AVC messages through audit2allow yields four rules: allow crond_t local_login_t:file execute; allow unconfined_t local_login_t:file execute; allow xdm_t local_login_t:file execute; allow local_login_t self:file execute_no_trans; basically allowing three domains, including unconfined_t, t...
by unspawn
2014/05/24 10:52:43
Forum: CentOS 6 - Security Support
Topic: [SOLVED] Denyhosts 'bug'/curiosity
Replies: 2
Views: 891

Re: Denyhosts 'bug'/curiosity

Please be aware OpenSSH seems intent on removing tcp_wrappers support, as does Fedora. Maybe that could be your cue to investigate alternatives like fail2ban.
by unspawn
2014/05/24 10:50:29
Forum: CentOS 5 - Security Support
Topic: High Httpd actvity crashing server
Replies: 2
Views: 4069

Re: High Httpd actvity crashing server

We have seen an increasing number of server crashes and after various checks of the logs, (..) installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software), It would have been helpful if you actually posted what it found. I have traced it down to some external Http ac...
by unspawn
2014/04/05 11:33:47
Forum: CentOS 6 - Security Support
Topic: [ADDRESSED] Configure audit logging to a (central) server
Replies: 16
Views: 12753

Re: Configure audit logging to a remote (central) server

Has anyone got any idea whether or not logging from several client machines running auditd can send their audit_log results to a central server? See the 'audisp-remote' plugin? I would prefer to keep all auditing protected from prying eyes Check netstat for the protocol it uses to relay data, then ...

Go to advanced search