Search found 165 matches
- 2014/09/29 06:00:40
- Forum: CentOS 7 - Security Support
- Topic: Rk Hunter Warnings...
- Replies: 4
- Views: 8461
Re: Rk Hunter Warnings...
See the RKH FAQ or rkhunter-users mailing list archive for "ALLOWHIDDENFILE".
- 2014/08/25 18:04:08
- Forum: CentOS 7 - Security Support
- Topic: cups - disable v. remove
- Replies: 1
- Views: 11068
Re: cups - disable v. remove
I'm no expert but sure you could ditch CUPS that way. Problem is it might return as a dependency on upgrade and I have no idea if adding it as an "exclude=cups" in yum.conf will work or b0rk upgrading. (You'll have to test that yourself.)
- 2014/08/25 17:59:51
- Forum: CentOS 6 - Security Support
- Topic: Auditd - watch a specific file type
- Replies: 1
- Views: 1712
Re: Auditd - watch a specific file type
//Bit stale but since it is a 0-reply thread... My problem is that auditd does not accept "*" character. I can watch the whole directory but not only the .conf files. Apparently auditctl doesn't support shell globbing then. Apart from the fact the practice of watching user-owned files seems question...
- 2014/08/25 17:53:18
- Forum: CentOS 5 - Security Support
- Topic: Selinux and Fail2ban - Problem with IP routing action
- Replies: 1
- Views: 5534
Re: Selinux and Fail2ban - Problem with IP routing action
//Bit old but since it is a 0-reply thread... If I attempt to use the hosts.deny file to ban an IP address - sometimes it doesn't seem to work - and the hacking continues after fail2ban reports the IP is banned. Please use iptables rules (or better: ipset which fail2ban supports) and not tcp_wrapper...
- 2014/06/18 21:30:18
- Forum: CentOS 6 - Security Support
- Topic: Malware alert
- Replies: 3
- Views: 3771
IptabLex, IptabLes
Compromises leaving .IptabLes and .IptabLex binaries (with or without dot) in /, /boot, /etc and/or /usr seem to be quite common: http://ubuntuforums.org/showthread.php?t=2226673 http://www.linuxquestions.org/questions/slackware-14/slackware-box-possibly-infected-how-do-i-monitor-tcp-connections-417...
- 2014/06/15 10:30:26
- Forum: CentOS 6 - Security Support
- Topic: Best way to secure CentOS when running Apache Tomcat
- Replies: 3
- Views: 2458
Re: Best way to secure CentOS when running Apache Tomcat
What is the best way to secure CentOS whilst allowing Tomcat to Service http requests? See the CentOS documentation (security, hardening, auditing), use a benchmark (CISecurity, OWASP) and test your setup (OpenVAS?). Wrt Tomcat see its own security documentation and ponder if running it behind a re...
- 2014/05/24 11:13:24
- Forum: CentOS 6 - Security Support
- Topic: Help with selinux. Allow file execution in /etc/security
- Replies: 1
- Views: 4730
Re: Help with selinux. Allow file execution in /etc/security
Running the AVC messages through audit2allow yields four rules: allow crond_t local_login_t:file execute; allow unconfined_t local_login_t:file execute; allow xdm_t local_login_t:file execute; allow local_login_t self:file execute_no_trans; basically allowing three domains, including unconfined_t, t...
- 2014/05/24 10:52:43
- Forum: CentOS 6 - Security Support
- Topic: [SOLVED] Denyhosts 'bug'/curiosity
- Replies: 2
- Views: 1204
Re: Denyhosts 'bug'/curiosity
Please be aware OpenSSH seems intent on removing tcp_wrappers support, as does Fedora. Maybe that could be your cue to investigate alternatives like fail2ban.
- 2014/05/24 10:50:29
- Forum: CentOS 5 - Security Support
- Topic: High Httpd activity crashing server
- Replies: 2
- Views: 5054
Re: High Httpd activity crashing server
We have seen an increasing number of server crashes and after various checks of the logs, (..) installation of ClamAV, LMD and RKHunter (which did find some Trojans and Suspect software), It would have been helpful if you actually posted what it found. I have traced it down to some external Http ac...
- 2014/04/05 11:33:47
- Forum: CentOS 6 - Security Support
- Topic: [ADDRESSED] Configure audit logging to a (central) server
- Replies: 16
- Views: 14663
Re: Configure audit logging to a remote (central) server
Has anyone got any idea whether or not logging from several client machines running auditd can send their audit_log results to a central server? See the 'audisp-remote' plugin? I would prefer to keep all auditing protected from prying eyes Check netstat for the protocol it uses to relay data, then ...