Question about file permissions
in [Suse]
|
From: J G Miller on 14 Apr 2010 18:39 On Wed, 14 Apr 2010 22:50:49 +0100, Ulick Magee wrote: > It is true that it is not sufficient to rely on obscurity for your > security, which is what the phrase is intended to mean - it doesn't mean > that obscurity can never be used, but it cannot be relied upon alone. Exactly! The best security combines strong encryption with obscurity -- obscurity so that the door is difficult to locate and thus deters opportunistic crackers and denial of service type attacks, and encryption so that the lock is practically impossible to pick by the determined cracker. > It's a tool but it's not security, it can be useful *as well* as > sufficient security measures but isn't a substitute for them. When people understand this, there should be no further argument about obscurity, and what people should be concentrating on is how to make their systems more secure with multiple barriers.
From: Vahis on 17 Apr 2010 08:30 On 2010-04-14, Moe Trin <ibuprofin(a)painkiller.example.tld.invalid> wrote: > On Mon, 12 Apr 2010, in the Usenet newsgroup alt.os.linux.suse, in article ><slrnhs74ti.5jv.houghi(a)penne.houghi>, houghi wrote: > >>Moe Trin wrote: > >>> Block IP Addresses based on login or access information in system logs. >> > Just how do you think this application works? I'll admit that the > documentation sucks, but there are enough details to tell you that > it's reading logs. Since blockhosts was brought up in this thread and I had, like I said, forgotten to install it on my upgraded system, I did it now. Like you say, the documentation sucks. I had to think hard to remember how it was done, and once it works just fine now, I made notes for future memory black-outs: http://waxborg.servepics.com/howto/harden-ssh It's a simple guide for installing in openSUSE and configuring for ssh. (it can do more but I use it only for ssh) Vahis -- http://waxborg.servepics.com openSUSE 11.2 (x86_64) 2.6.31.12-0.2-default 15:21pm up 22 days 18:39, 14 users, load average: 0.06, 0.06, 0.07
From: Vahis on 17 Apr 2010 11:57 On 2010-04-17, houghi <houghi(a)houghi.org.invalid> wrote: > Vahis wrote: >> I had to think hard to remember how it was done, and once it works just >> fine now, I made notes for future memory black-outs: >> >> http://waxborg.servepics.com/howto/harden-ssh >> >> It's a simple guide for installing in openSUSE and configuring for ssh. > > Blockhosts does not need to be launched at boot. It is triggerd by the > line `sshd : ALL: spawn /usr/bin/blockhosts.py & : allow` in > /etc/hosts.allow as soon as there is a connection. O.K. I wasn't sure. It won't harm anyway. I changed the instructions a bit there. Vahis -- http://waxborg.servepics.com openSUSE 11.2 (x86_64) 2.6.31.12-0.2-default 18:55pm up 22 days 22:13, 15 users, load average: 0.40, 0.17, 0.12
From: David Bolt on 17 Apr 2010 14:23 On Saturday 17 Apr 2010 16:57, while playing with a tin of spray paint, Vahis painted this mural: > On 2010-04-17, houghi <houghi(a)houghi.org.invalid> wrote: >> Blockhosts does not need to be launched at boot. It is triggerd by the >> line `sshd : ALL: spawn /usr/bin/blockhosts.py & : allow` in >> /etc/hosts.allow as soon as there is a connection. > > O.K. I wasn't sure. It won't harm anyway. > I changed the instructions a bit there. And, just to be a pain in the rear, I added it to the buildservice. It is available now for releases from openSUSE 11.0 to Factory, and SLED 10 and 11. I was a bit undecided as to whether removing the package should clear out the stuff it adds to /etc/hosts.allow and, in the end, decided it should. And so there I learnt a bit more on building spec files and the use of sed. And finally, just for some laughs, I did a quick test using a virtual machine and, after multiple failed login attempts, it locked me out as it should :) Regards, David Bolt -- Team Acorn: www.distributed.net OGR-NG @ ~100Mnodes RC5-72 @ ~1Mkeys/s openSUSE 11.0 32b | | | openSUSE 11.3M4 32b openSUSE 11.0 64b | openSUSE 11.1 64b | openSUSE 11.2 64b | TOS 4.02 | openSUSE 11.1 PPC | RISC OS 4.02 | RISC OS 3.11
From: Vahis on 17 Apr 2010 14:59
On 2010-04-17, David Bolt <blacklist-me(a)davjam.org> wrote: > On Saturday 17 Apr 2010 16:57, while playing with a tin of spray paint, > Vahis painted this mural: > >> On 2010-04-17, houghi <houghi(a)houghi.org.invalid> wrote: > >>> Blockhosts does not need to be launched at boot. It is triggerd by the >>> line `sshd : ALL: spawn /usr/bin/blockhosts.py & : allow` in >>> /etc/hosts.allow as soon as there is a connection. >> >> O.K. I wasn't sure. It won't harm anyway. >> I changed the instructions a bit there. > > And, just to be a pain in the rear, I added it to the buildservice. It > is available now for releases from openSUSE 11.0 to Factory, and SLED > 10 and 11. O.K. I made an update: http://waxborg.servepics.com/opensuse/blockhosts > > I did a quick test using a virtual > machine and, after multiple failed login attempts, it locked me out as > it should :) I changed to yours and ditto :) Vahis -- http://waxborg.servepics.com openSUSE 11.3 Milestone 5 (x86_64) 2.6.34-rc3-3-default 21:56pm up 2:38, 4 users, load average: 0.00, 0.00, 0.00 |