switch to room list switch to menu My folders
Go to page: First ... 111 112 113 114 [115] 116 117 118 119 ... Last
[#] Tue Jan 27 2015 06:22:46 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

They seem to have a pretty good run, but Solaris will not likely shift to that model. We'll have init scripts for a long time yet.

[#] Wed Jan 28 2015 08:53:13 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Uh oh:

Make sure you update.

[#] Thu Apr 30 2015 21:36:19 EDT from Sig @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Can anyone recommend a good primer or even just checklist for enumerating services and getting a good start on locking down Red Hat-style Linux? Bonus points if it employs primarily commonly available command line tools. I'm much more familiar with Debian variants, but that's not likely to be the environment, and I'm not really a security guru.

[#] Fri May 01 2015 08:32:57 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Hrm... I don't expect you're looking for something like:

ls /etc/init.d

(by way of enumerating services)

[#] Fri May 01 2015 08:34:05 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Gah, I didn't even get that right...

ls /etc/rc.d/init.d

[#] Fri May 01 2015 08:36:24 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

This said, apparently, Red Hat prefers 'systemctl' commands.

To list services:

systemctl list-unit-files --type service

unless you're talking about an old Red Hat. Older Red Hat apparently did:

chkconfig --list

[#] Fri May 01 2015 08:36:57 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

(src: System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html


[#] Fri May 01 2015 10:52:29 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

netstat -an | grep LISTEN. Find out what process owns those ports, whether they are truly necessary for your use case, and if not, shut them down.

next, think about local security. Can you enable selinux in strict mode without breaking anything critical?

Red Hat used to have a simple "enable the firewall" script that would install some basic packet filters. I don't remember the name of it anymore, might have been system-config-firewall

Use the "find" command to hunt down setuid/setgid binaries that might not be necessary.

This is basic stuff. I'm not a security guru anymore, if I ever was. Google "Red Hat hardening" or something.

[#] Fri May 01 2015 21:17:13 EDT from Sig @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Thank you. At the least, those give me more useful search terms.

[#] Sun May 03 2015 02:10:29 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

List listening sockets and proggies):

netstat -aonp

List the users of the port, and userid:

lsof -ni :portnumber
lsof -ni :25

Show the individual process info:

cat /proc/[pid]/cmdline
cat /proc/11104/cmdline

(and many other items under /proc/[pid] that interest you (cat is your friend).

Feel free to share anything you learn as well.

[#] Sun May 03 2015 07:52:32 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

the citadel faq has the most important ones:

[#] Fri May 08 2015 11:55:50 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

So I finally booted up the Pi that I got for Christmas. But I only had a 2 GB SDcard so I moved my root filesystem to a 250 GB external USB drive.
It was really easy. Everything behaved as I expected it to. All I had to do was rsync to the new filesystem, identify its UUID, call for its mount as rootfs in its own /etc/fstab and in the Pi's boot partition, and reboot.

I like it this way better. The SDcard is /boot and nothing else.

[#] Fri May 08 2015 11:56:56 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

(And yes, it was sooooo satisfying to be able to type "apt-get install citadel-client" on the Pi and get a precompiled Citadel client fed back to me, even though none of us on the project have ever explicitly built on this platform before!)

[#] Sat May 09 2015 14:21:26 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


Fri May 08 2015 11:56:56 EDT from IGnatius T Foobar @ Uncensored

(And yes, it was sooooo satisfying to be able to type "apt-get install citadel-client" on the Pi and get a precompiled Citadel client fed back to me, even though none of us on the project have ever explicitly built on this platform before!)

And that without java - compile once debug everywhere ;-)

[#] Sat May 09 2015 22:34:26 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

That's not really a fair comparison.  Sure, the Debian repository is available on every platform, but it's native, so it's compile everywhere debug everywhere.

Java's bad reputation has everything to do with the smear campaign orchestrated against it in the 1990's.  Since then it has become the lingua franca of business logic anyway.

[#] Tue May 12 2015 11:25:34 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Not really. The phrase "compile once, debug everywhere" had a lot of truth to it, borne out by bad experiences with AWT, which turned out to be not be such a panacea for cross-platform portability as was first hoped. It's *hard* to build a cross-platform window toolkit in a way that respects the native look-and-feel of all platforms.

"Compile once, debug everywhere" is *absolutely not true in the same sense* when applied to server-side java, which has proven highly portable.

[#] Thu May 14 2015 11:36:39 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

That much is very true. AWT was a pain in the neck to test everywhere. And although one could argue "AWT is *not* Java" -- and be correct about that -- AWT was a big part of the initial Java experience for a lot of people.
It was released at a time when there was such a thing as

" native look and feel "

As we all know ... there is no longer any such thing. Web based applications broke everyone's addiction to needing the exact same widget set on every application.
Nowadays, developers use whatever chrome they want. As a result, an application written in Java that uses SWT, say on Windows for example, looks no more "foreign" than Microsoft Office.

The result ... even on the desktop, Java applications now look the same everywhere, because they use the same widget set (and therefore the same pixel-by-pixel dimensions of every widget) on every platform. I like it.

[#] Thu May 14 2015 23:37:01 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I liked the fact that the Blackdown Java on Linux allowed me to have a Linux workstation and do Java development for Windows back in the late 90's.  It was fun having Linux servers push out Jar files to remote web servers via JWS, allowing branch locations running Windows clients to update software in the middle of the work day.

For all the faults people find with Java / Java Web Start and all that, I was able to make some use of it and do some pretty cool testing / release cycles that I have been hard pressed to duplicate (outside of the LAMP stack world).

[#] Fri May 22 2015 15:01:46 EDT from ugh @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I have been trying to install Citadel with LDAP support.  I can install the mail server without fine.  I can interact and query the LDAP just fine.  When I install Citadel with LDAP support it hangs at install when it gets to 95 percent complete or restarting server....any idea why?

[#] Fri May 22 2015 15:03:07 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

from that amount of information - no.

Go to page: First ... 111 112 113 114 [115] 116 117 118 119 ... Last