Your understanding of permissions is a bit off. What's the point of 701? 511/444 for files/dirs will perform just as well, and be logical too! If you want it really safe, then chattr +i, and ensure the partitions are mounted noatime. Obviously it'll be a pain to maintain the site, but the chances of it being hacked will diminish dramatically. Who said security was easy (:
Given your previous posts, would it now be possible to put together a boilerplate response kit which would vastly reduce the cost and time of putting up said credible resistance?
Also, will the repeated threat of section 11 judgements affect the credibility of the RIAA's lawyers?
Your taxpaying pounds support BECTA ( http://becta.org.uk/ ). Slogan: "Becta is the government agency leading the national drive to ensure the effective and innovative use of technology throughout learning."
Why on earth are you asking us when you have resources like these available!
So you're going to run gmail internally, and your own mail server externally, or everything off gmail? One's a nightmare to administer, the other doesn't really look that professional!
Only if they use bind on linux, and even then my zones are under/etc/bind/namedb... and you'd have to update the serial to get it to propagate, too.
Re:This is the last time I'm explaining it to you.
on
Hardening Linux
·
· Score: 1
You're the one who's wrong. You should run nmap on your internet-facing iterface. Why? Bacause it should you all the services that you're running, and those are the one's that you need to guard against. Running form a remote server is also useful - although you need to use a lot of switches and time to be sure you've checked everything - BUT you're then also relying on the services of your ISP's firewall, which a) may change and b) may get inadvertently screwed. If you're not sure you've sorted your own services, then you're taking an unnnecessary risk. And that, as any experienced administrator will tell you, will always bite you in the ass when you least expect it.
Use all the available information - it's all relevant.
I'd always thought that it was an IP based rbl - blocking the ip address, and not the domain name. As such, it's identifying servers ( or bots, whatever ) that are behaving badly. Which sounds good to me.
'1. Identify the target IP address' It's a *distributed* attack. That means more than one address. A lot more.
'or just tcpdump if you're good with sed and awk.' You're going to be able to do this on 1.6Gbit of traffic in realtime? That's good typing.
'The easiest solution- block all IP addresses assigned to the APNIC region and watch as your site immediately returns to normal.' FUD. This is a botnet attack. Most owned PC's live in the US. It's this kind of thinking that has forced us to run our servers in the US, because as everyone knows, New Zealand is in Asia.
I've now read the 'article' 4 times, and can find no description of the tests anywhere. Sure, there's a blog mentiones, but there's nothing anywhere! HOW ON EARTH are readers supposed to add to these results.
Shall I now go off and write a fictional article about how wonderful LAMP is and desctibe the results of the tests I ran on my (purely finctional) quad opterons that I have racked up at home???
There is absolutely no credibility to this article. How did it ever get published?
The obvious difference between junk snail mail and spam being, of course, that with one, the sender is bearing all of the costs, and with spam, the recipient has to pay, directly or indirectly to receive it. Whether they want it or not.
Slashdot Mirror
Until you read the job description, which usually includes Active Directory, MS SQLServer, and so on. Drives me to distraction.
Apart from the required developers skillset, I'd look closely at the performance hit that all those TCP stacks will cause.
doesnt that limit firmware to authorised versions only...
Sorry, I'll take OpenSSL over any DJBness any time!
No, the first thing you do is to dump apache, use nginx, and run in fpm mode. That way you can actually see what's happening.
3HP and it'll do 25mph. Impressive.
Your understanding of permissions is a bit off. What's the point of 701? 511/444 for files/dirs will perform just as well, and be logical too! If you want it really safe, then chattr +i, and ensure the partitions are mounted noatime. Obviously it'll be a pain to maintain the site, but the chances of it being hacked will diminish dramatically. Who said security was easy (:
...doesn't bing run on linux anyway?
Given your previous posts, would it now be possible to put together a boilerplate response kit which would vastly reduce the cost and time of putting up said credible resistance?
Also, will the repeated threat of section 11 judgements affect the credibility of the RIAA's lawyers?
Your taxpaying pounds support BECTA ( http://becta.org.uk/ ). Slogan: "Becta is the government agency leading the national drive to ensure the effective and innovative use of technology throughout learning."
Why on earth are you asking us when you have resources like these available!
Why not run your own??
As TiO2 is the main pigment in white paint, does this mean that a quick coat of emulsion will clean up all our cities???
I use mailwasher. http://mailwasher.sourceforge.net/
We could send up a group of octogenarian actors in a shuttle... whadya mean it's already been done!
So you're going to run gmail internally, and your own mail server externally, or everything off gmail? One's a nightmare to administer, the other doesn't really look that professional!
Only if they use bind on linux, and even then my zones are under /etc/bind/namedb... and you'd have to update the serial to get it to propagate, too.
You're the one who's wrong. You should run nmap on your internet-facing iterface. Why? Bacause it should you all the services that you're running, and those are the one's that you need to guard against. Running form a remote server is also useful - although you need to use a lot of switches and time to be sure you've checked everything - BUT you're then also relying on the services of your ISP's firewall, which a) may change and b) may get inadvertently screwed. If you're not sure you've sorted your own services, then you're taking an unnnecessary risk. And that, as any experienced administrator will tell you, will always bite you in the ass when you least expect it.
Use all the available information - it's all relevant.
I'd always thought that it was an IP based rbl - blocking the ip address, and not the domain name. As such, it's identifying servers ( or bots, whatever ) that are behaving badly. Which sounds good to me.
I thought it was just me!
'1. Identify the target IP address'
It's a *distributed* attack. That means more than one address. A lot more.
'or just tcpdump if you're good with sed and awk.'
You're going to be able to do this on 1.6Gbit of traffic in realtime? That's good typing.
'The easiest solution- block all IP addresses assigned to the APNIC region and watch as your site immediately returns to normal.'
FUD. This is a botnet attack. Most owned PC's live in the US. It's this kind of thinking that has forced us to run our servers in the US, because as everyone knows, New Zealand is in Asia.
I'm glad you're not supporting our networks (:
That's one rich university you're at then!
I think it's about time Mr. D stopped commenting on anything technical, and found a subject that can be dumbed down to his level.
I'd have thought subversion would be a better option (:
I've now read the 'article' 4 times, and can find no description of the tests anywhere. Sure, there's a blog mentiones, but there's nothing anywhere! HOW ON EARTH are readers supposed to add to these results.
Shall I now go off and write a fictional article about how wonderful LAMP is and desctibe the results of the tests I ran on my (purely finctional) quad opterons that I have racked up at home???
There is absolutely no credibility to this article. How did it ever get published?
The obvious difference between junk snail mail and spam being, of course, that with one, the sender is bearing all of the costs, and with spam, the recipient has to pay, directly or indirectly to receive it. Whether they want it or not.