Search found 37 matches
- 2018/11/02 16:06:46
- Forum: CentOS 7 - Security Support
- Topic: shim fails to load MokManager
- Replies: 14
- Views: 10890
Re: shim fails to load MokManager
So one TPM with a BIOS setting to change its mode and the right mode needs to be chosen. I understand his post now. My TPM chip is 2.0 though. I can convert it to a v1.2 TPM chip. Is there something wrong with 2.0? My TPM chip was freshly installed into the machine. The machine never had a TPM chip...
- 2018/10/31 21:10:30
- Forum: CentOS 7 - Security Support
- Topic: shim fails to load MokManager
- Replies: 14
- Views: 10890
Re: shim fails to load MokManager
I've seen this on Lenovo T460p laptop provided by my employer. The workaround which works for me is to switch TPM from Intel PTT to discrete TPM 1.2 chip in the BIOS. Downgrade is also another option but unfortunately this prevents kernel upgrade. Are you saying you have two TPM chips in your lapt...
- 2018/10/25 17:14:55
- Forum: CentOS 7 - Security Support
- Topic: Help understanding iptables -L
- Replies: 9
- Views: 10254
Re: Help understanding iptables -L
The top set? They look fairly nearly identical to the default rules you get when you install using iptables-services in the first place. Yes, I disabled firewalld and installed the iptables-services and ip6tables-services, then modified the default rules. To me, they look pretty secure and seem to ...
- 2018/10/20 06:23:27
- Forum: CentOS 7 - General Support
- Topic: help with sed
- Replies: 1
- Views: 621
Re: help with sed
It might not be the best solution, but I believe I have it now. This is my new script: IP_ADDR=$( grep -o -E '192\.168\.2\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-4])\b' fake_ips | tr '\n' ' '|sed -e 's/[[:space:]]*$//' ) SSHD_CONFIG="sshd_config.test" function update_sshd_config() { EXPANDED...
- 2018/10/20 06:07:00
- Forum: CentOS 7 - General Support
- Topic: help with sed
- Replies: 1
- Views: 621
help with sed
Hi! Not sure if this is the right place to ask but I couldn't really think of any others. I have a script that searches for a string in a file. If it finds the string, it replaces the string with a variable in the script. The variable in the script can (but doesn't mean it will) contain multiple wor...
- 2018/10/20 03:01:49
- Forum: CentOS 7 - Security Support
- Topic: Help understanding iptables -L
- Replies: 9
- Views: 10254
Re: Help understanding iptables -L
I figured out the ssh port stuff. Do those iptables rules look good?
- 2018/10/19 23:09:30
- Forum: CentOS 7 - Security Support
- Topic: Help understanding iptables -L
- Replies: 9
- Views: 10254
Re: Help understanding iptables -L
Would something like this be a secured start? *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --dport <my sshd port> --source 192.168.2.0/24 -j AC...
- 2018/10/19 23:05:07
- Forum: CentOS 7 - Security Support
- Topic: Help understanding iptables -L
- Replies: 9
- Views: 10254
Re: Help understanding iptables -L
I found an article on DigitalOcean, https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture It provides answers to a lot of my questions. For the ssh connection, I'd want it in the INPUT chain and the filter table. So now I can look at the iptables fire...
- 2018/10/19 22:31:27
- Forum: CentOS 7 - Security Support
- Topic: Help understanding iptables -L
- Replies: 9
- Views: 10254
Re: Help understanding iptables -L
It's ever so much easier to read if you post the output from the iptables-save command. Despite its name it just prints the rules to stdout. Oh, and all those rules make it look like you're running firewalld in which case you should not be fiddling with the rules behind its back with iptables. Fire...
- 2018/10/19 16:58:20
- Forum: CentOS 7 - Security Support
- Topic: Help understanding iptables -L
- Replies: 9
- Views: 10254
Help understanding iptables -L
Hi! I have a server I am running and I struggle a little bit understanding iptables. Currently, I would like to deny all traffic coming from outside my private network (unless I make the connection), and I'd like to open one port for a daemon I'm running, but only allow connections from the loca...