-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'd recommend that you familiarize yourself with the documentation before
trying out the learning mode. It's not in the best state right now, but
there is enough there to get an idea where to start. Learning mode uses a
learning configuration fil
On Wednesday 25 October 2006 11:08, Paulo Roberto Candido dos Santos wrote:
> Hello, I think you might find this useful:
>
> iptables -N REJECT-SSH
> iptables -A REJECT-SSH -j DROP -m recent --rcheck --name SSH --seconds 60
> --hitcount 10
> iptables -A REJECT-SSH -j LOG --log-prefix SSH-Bruteforce
On Wednesday 25 October 2006 15:30, Marek Wróbel wrote:
> Jason Booth wrote:
> > Yeah that's exactly what i thought only match wasn't an option in the
> > config this time... possibly something got messed up in patching to
> > disable the option. I'll wipe the tarball and try again tonight.
>
> Las
So maybe I'm missing something. Is learning mode all you need to do to get
up and running? How much time did you spend tweaking the profile? Is it a
security no-no to ask to see your profile.
Thanks,
Brian
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Sunday, October 29
kakou wrote:
I have a similar problem with setools-3 that need a selinuxfs and so
crash during compilation.
You should report this (with config.log) to [EMAIL PROTECTED]
--
gentoo-hardened@gentoo.org mailing list
7v5w7go9ub0o wrote:
There seems to be a reluctance among some old-timers to use the
hardened tools anywhere else but on a server - I'd guess that is a
holdover from the last decade when both Linux and the hardening tools
were being created. Today's (non-selinux) tools are easy to use, and
ar
On Vas, Október 29, 2006 16:19, 7v5w7go9ub0o wrote:
> If you are talking about Grsecurity (which has a learning mode that makes
> configuration very easy), and if your users are doing limited, standard
> things, then a strong Yes! (though IIUC, SeLinux is difficult to
> configure)
Strongly agree.
If you are talking about Grsecurity (which has a learning mode that makes
configuration very easy), and if your users are doing limited, standard
things, then a strong Yes! (though IIUC, SeLinux is difficult to
configure)
The RBAC protection will protect you if -you- or a trusted user doe
I'm hoping that chroot with the grsecurity kernel chroot enhancements
will protect me in that case.
Thanks,
Brian
Guillaume Castagnino wrote:
Hi,
hardening is not only to protect against your known users, but only from
external attackers !
If you have a flaw in one of your servers that can b
Le dimanche 29 octobre 2006 13:13, Panagiotis Atmatzidis a écrit :
> Guillaume Castagnino wrote:
> > Hi,
> >
> > hardening is not only to protect against your known users, but only
> > from external attackers !
> > If you have a flaw in one of your servers that can be remotely
> > exploited, harden
Guillaume Castagnino wrote:
Hi,
hardening is not only to protect against your known users, but only from
external attackers !
If you have a flaw in one of your servers that can be remotely
exploited, hardening your box will help you containing the attacker !
Regards,
Le dimanche 29 octobre
Hi,
hardening is not only to protect against your known users, but only from
external attackers !
If you have a flaw in one of your servers that can be remotely
exploited, hardening your box will help you containing the attacker !
Regards,
Le dimanche 29 octobre 2006 05:16, [EMAIL PROTECTED] a
[EMAIL PROTECTED] wrote:
I have a total of 3 non-root users, 1 is me, the 2 others are trusted
(i.e. family/friend). RBAC looks like it's more complex that I need and
want to deal with, and I'm I'm wondering if I should bother with this
with so few users.
Thoughts?
Thanks,
Brian
straight
It's not worthy I think. You may want some hardened features but just a few.On 10/29/06, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
I have a total of 3 non-root users, 1 is me, the 2 others are trusted (i.e. family/friend). RBAC looks like it's more complex that I need and want to deal with, and
14 matches
Mail list logo