Search found 172 matches

by unspawn
2013/08/25 19:28:51
Forum: CentOS 6 - Security Support
Topic: selinux don't let login with rsa key if user's home not in /home
Replies: 8
Views: 11252

Re: selinux don't let login with rsa key if user's home not in /home

[quote] borispr wrote: did not help also lost ability to log in via key to users with home in /home[/quote] Instead post the commands you ran, with the arguments and output from checking changes. You'll find custom file contexts in /etc/selinux/%{POLICY_NAME}/contexts/files/ BTW. [quote] borispr wro...
by unspawn
2013/08/25 12:57:24
Forum: CentOS 6 - Security Support
Topic: selinux don't let login with rsa key if user's home not in /home
Replies: 8
Views: 11252

selinux don't let login with rsa key if user's home not in /

Try adding the expected context to the directory, should look something like [code]semanage fcontext -a -t user_home_dir_t "/data/home/[^/]*/.+"[/code] and then restorecon it?
by unspawn
2013/08/25 10:28:46
Forum: CentOS 6 - Security Support
Topic: selinux don't let login with rsa key if user's home not in /home
Replies: 8
Views: 11252

Re: selinux don't let login with rsa key if user's home not in /home

[quote]borispr wrote: I can log in by rsa key as root, [/quote] Note denying root login over any network and using DSA pubkey auth are SSH best practices. [quote]borispr wrote: (..) if user's home directory is in the other place, I can log in only by password if to disable selinux key works How to f...
by unspawn
2013/08/24 15:37:21
Forum: CentOS 6 - Security Support
Topic: [rkhunter] Warnings after plesk upgrade to 11.5.3 and last centos' upgrade
Replies: 2
Views: 2158

[rkhunter] Warnings after plesk upgrade to 11.5.3 and last c

[quote][code]
[01:00:49] /usr/bin/GET [ Warning ]
[01:00:49] Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: a /usr/bin/perl -w script text executable
[01:01:04] /sbin/ifdown [ Warning ]
[01:01:04] Warning: The command '/sbin/ifdown' has been replaced by a script: /sb...
by unspawn
2013/08/03 14:05:21
Forum: CentOS 6 - Security Support
Topic: IPTables keeps clearing itself?
Replies: 8
Views: 8462

Re: IPTables keeps clearing itself?

[quote]TrevorH wrote:
Yes, /etc/sysconfig/iptables.save is the old ruleset from prior to the last run of `service iptables save`.[/quote]
Good to know, that.
by unspawn
2013/08/02 21:23:54
Forum: CentOS 6 - Security Support
Topic: IPTables keeps clearing itself?
Replies: 8
Views: 8462

IPTables keeps clearing itself?

[quote]This line: [b]/etc/init.d/iptables save[/b] It won't save the rules to "iptables.save" located in /etc/sysconfig/.[/quote] On CentOS iptables uses /etc/sysconfig/iptables (for IPv4 rules) and not any other name. Whether rules are saved depends on [code]grep "^IPTABLES_SAVE_ON_STOP=" /etc/sy...
by unspawn
2013/07/13 07:57:05
Forum: CentOS 6 - Security Support
Topic: Enable No Execute (NX) protection against buffer overflow in Amazon AMI
Replies: 2
Views: 1824

Enable No Execute (NX) protection against buffer overflow in

No idea if the platform or kernel supports it but check the kernel.randomize_va_space and kernel.exec-shield sysctls?

//NTLB
by unspawn
2013/07/13 06:53:25
Forum: CentOS 6 - Security Support
Topic: selinux - allow domain usr_t : file
Replies: 4
Views: 2149

selinux - allow domain usr_t : file

[quote]stefcent wrote: From where the hell coming the "allow domain usr_t" rules from?[/quote] We don't know what daemon this is about so we can't tell if the daemon doesn't actually need access to /usr. Telling us isn't the same as providing a name and a verbose strace as "evidence". Also we don't ...
by unspawn
2013/06/16 10:33:14
Forum: CentOS 6 - Security Support
Topic: Blocked IP Redirect
Replies: 2
Views: 1017

Blocked IP Redirect

Blocking (as in -j DROP or REJECT) IP addresses at the network layer (the most efficient and most safe way BTW) prohibits any communication further up the network stack, meaning these requests never end up at the application level where you would be able to redirect them. At the network layer you co...
by unspawn
2013/06/16 10:19:01
Forum: CentOS 6 - Security Support
Topic: [RESOLVED] SELinux Policy - CentOS 6 and Plesk 11.0.9
Replies: 3
Views: 1142

[RESOLVED] SELinux Policy - CentOS 6 and Plesk 11.0.9

Instead of the AVC message you should pipe it through 'audit2allow -v':
[code]
#============= sshd_t ==============
# src="sshd_t" tgt="mysqld_t" class="unix_stream_socket", perms="connectto"
# comm="sshd" exe="" path=""
allow sshd_t mysqld_t:unix_stream_socket connectto;
[/code]
and post [i]your un...