Newest security Questions

Q&A for system and network administrators

NGINX+PHP-FPM: Is it possible associate php-fpm PID to access log entry?

We have been using NGINX and php-fpm. We've been noticing that some requests are hanging up for a long time (10+, 20+ minutes...) via the top command. Also, some suspect requests (I mean bots) were ...

Configure CentOS 6.8 client joined to Active Directory to use LDAPS?

I'm struggling to find a simple explanation on how to configure a CentOS 6.8 machine to use LDAPS to query Active Directory running on a Windows 2012 R2 Domain Controller. I've joined the Linux ...

Can a hacker determine all ports forwarded for remote desktop?

We have a client who insists on having 6-7 LAN PCs open to the internet for RDP. The RDP listening ports on each PC have been changed from the default. These ports are forwarded in their Sonicwall TZ200 FW....

Tracking server invasion [duplicate]

I manage a private GNU/Linux server that only I (should) have access to. Over the last few months, it got invaded a few times, always by the same person (he/she runs the same application every time). ...

vServer with CentOS 7.3 SELinux 2.5 doesn't get active

I got a new vServer with CentOS 7.3 and SELinux 2.5.*. I would like to get SELinux to be active to get greater access control over my server, but nothing works. If I check SELinux Mode and enter ...

Limits configured but not applied to a daemon

On my CentOS 7, I use cat /proc/<pid>/limits to see the actual limits set. I got confirmation that this method is totally accurate here because I'm using it on MySQL, which can't dump a specific ...

Windows file / folder Auditing not working if member of AD domain

I need to implement file / folder auditing for Windows 7-10 workstations so that all access by members of Domain Admins (read, write/modify, create, delete) is logged. I have enabled "Audit object ...

Give a Windows 2008 VM Internet access but block Host LAN access?

Securing a guest VM to give it internet access, but block access to host LAN The above was a similar question asked for Linux but the following has specifics that are different. We need to have ...

First I couldn't get a login screen for PHPMYADMIN after setting passwords for every user, now the MYSQL server won't even start. What should I do?

First I couldn't get a login screen for PHPMYADMIN after setting passwords for every user, now the MYSQL server won't even start. What should I do? I even changed the MySQL Database read and write ...

Finding the location of a running perl script spawned by nginx

I have a Linux box that has been infected by what looks to be some form of bot. I can see a couple of suspect processes via top 1819 nginx 20 0 40680 6744 2200 S 0.7 0.1 0:01.44 ...

Protect server ports from being used for attacks [on hold]

I'm a programmer and I just know some basic & web development related things like managing DNS, adding websites to IIS &... I have had two different servers and both of them were shut down ...

LmCompatibilityLevel to be applied to client, domain controller or both?

I'd like to apply LmCompatibilityLevel = 5 to my domain but I am not sure if this is to be applied to all clients (via GPO), domain controllers only or to both. I am a little confused as the TechNet ...

Simple solution to get notification when certain events appear in Windows logs [closed]

What is the simplest way to get a notification when specific events appear in Windows logs - anywhere on a Windows network?

Why should my web server be on a separate network? (Azure)

Just to start, I fully understand that a webserver should be on a separate network, in the DMZ, not connected to the domain (or at least in a different forest). However, I'm a website developer and ...

Config.php file has Mysql password in plain text, is this wise?

Title basically says it all, the default config.php file created when installing the CRM product/frontend (SugarCRM) that my client purchased has the MySQL db user's password stored in it in plain ...

IP addresses denied in /etc/hosts.allow appear in /etc/csf/csf.deny?

I modify my /etc/hosts.allow file as sshd : 192.168.0.0/255.255.255.0 : allow sshd : xxx.xxx.xxx.* : allow sshd : ALL : deny (where the xxx represent my actual IP address numbers and the wildcard * ...

assessing the security concerns for running an own email server [closed]

I'm working at a small research center that has to manage a lot of things independently on a tight budget. One of these is all things IT infrastructure, including web and email hosting. Though I've ...

Have I been hacked? [on hold]

What is GOLD-EPISODE-155902 I recently logged into Google Console and it took me directly to the API MANAGER page under a PROJECT NAME I have never seen before and have never created. GOLD-EPISODE-...

nftables configuration - allow mac on tcp port

I'm new to firewalls etc. I read the nftables quick reference on how to allow only my MAC address (my device: laptop, phone etc.), i.e. allow my MAC to access the SSH port (port 22). I tried that: ether saddr 00:00:...

With iptables, is there a way to accept only one specific IP for all protocols and all ports?

The question is in the title :) Concretely, I want to configure a new remote server. I like to take my time and security :p so, I want to allow access only for my local IP during installation and ...

OpenVPN: different users supposed to have access to different networks

I have an OpenVPN server that has access to networks: 1.1.1.0/24 2.2.2.0/24 Also I have 2 OpenVPN users: userA: can access only network 1.1.1.0/24 userB: can access only network 2.2.2.0/24 How ...

Securing a simple Linux server that holds a MySQL database?

A beginner question, but I've looked through many questions on this site and haven't found a simple, straightforward answer: I'm setting up a Linux server running Ubuntu to store a MySQL database. ...

Unable to verify signature (openssl)

I am trying to verify a signature, but get "unable to load key file." This is a CentOS server with OpenSSL version 1.0.2 (22 Jan 2015). The keys are generated like this: ssh-keygen -t rsa -f ...

Are zipped EXE files harmless for Linux servers?

I ran a malware scanner on my site, and it marked a bunch of zipped EXE files as potential risk files (these files got uploaded by users). Since I'm able to uncompress the files on my Mac I assume ...

How to forbid USB disks in CentOS?

In Windows, we can use Group Policy, but my company uses CentOS 6.5 desktop as the OS. My boss wants to avoid information leaks. So, is there a method to forbid USB disks in CentOS?

Monitoring unauthorised access using opennms/observer

I have recently started playing around with network management tools (opennms and observer analyzer). I wanted to find out how a network manager would find out about unauthorised activity on the ...

Why is fail2ban finding but not banning

I noticed something strange on my Ubuntu Xenial server. It has SSH on the default port and it has fail2ban. Fail2ban is detecting brute force attempts on the server and they are logged accordingly: 2017-...

Import and merge OLD customized Server 2012 CIS Benchmark GPO to SCM and merge with 2012 r2 baseline.

Our company is going through PCI 3.1 DSS compliance and I need to create a template/gpo of a hardened 2012 R2 server. We currently have a CIS benchmark with company specific settings that apply to ...

fail2ban not matching xmlrpc

I've added an xmlrpc jail for fail2ban to protect against a persistent attack. The apache access.log is as below... 191.96.249.80 - - [16/Dec/2016:14:54:21 +0000] "POST /xmlrpc.php HTTP/1.0" 403 469 "...

What next after a Windows domain account has been compromised?

We're preparing for a scenario when one of the accounts in a domain gets compromised—what to do next? Disabling the account would be my first go-to answer, but we had pentesters here a few weeks ago ...

Ansible security best practices

I am going to introduce Ansible into my data center, and I'm looking for some security best practices on where to locate the control machine and how to manage the SSH keys. Question 1: the control ...

Application layer security in cloud mesh network

I am developing a few applications running on a server at digitalocean at the moment, mostly Ubuntu Server or Debian. Since I need to scale the system, I will create 2 mysql servers with master-master ...

Microsoft-Windows-Security-Auditing Eventcode: 4625 Unstoppable ex user log

An account failed to log on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: S-1-0-0 Account ...

Kerberos kdc is unable to bind to ldap

I am following this guide to set up Kerberos with LDAP. I have followed all the steps. But when I run kadmin.local it exits with the following error: Authenticating as principal root/admin@...

Close default SSH Port On Centos

I have been getting 1000s of failed logins per hour over the past few weeks and I'm sure 99% of them are from bots. I have installed fail2ban and I've been blocking some subnets, but I have also ...

My site is down and redirects to an html/js file

I have a Drupal site on a dedicated server (Ubuntu Server 16.04). Actually the site appears down via the browser, but when I browse it via the curl command it shows me an html/javascript file. I tried ...

How does URL reservation actually work in Windows, particularly the ACLs?

I'm a .NET developer working on a project that contains multiple WCF services. Some automated tests try to host these services, but depending on whether I don't run the test with administrative ...

Are there any increased security risks with custom shells?

Specifically, I use fish shell. I would really like to use this on my production server, and also set it as the default shell for the root account, but I'm wondering if there are any specific security ...

iptables -i lo vs. -s localhost and -j REJECT vs. -P INPUT REJECT

Preface Just like everything in Linux I'm sure there are a lot of ways to get an intended result with iptables. I'd like to limit answers to the following categories: What is the difference between ...

Fail2Ban on Centos is blocking connections from Cygwin and WinSCP

I got over 3k failed login attempts yesterday morning, which was the most I've ever seen. I did some research and Fail2Ban seems to be a good step to stopping this. I have installed it and it seems to ...

MS DNS permissions on zones script add/remove/query

Anyone know an easy way to modify security across many zones? For example I have a hundred or so reverse pointer zones and I want to make sure a group has certain permission level on all zones. Is ...

Auditd is missing SMACK messages

I want to search and report SMACK audit messages with ausearch and aureport. There are SMACK messages in the /var/log/audit/audit.log file, but ausearch doesn't find them (although it does find other ...

HTTPS over third-party SSH tunnel. Is it safe?

I just got a Linux server from a third party. Then I created an SSH tunnel via SecureCRT: https://www.vandyke.com/support/tips/socksproxy.html , where the Linux server is used as the Gateway Server. ...

Cisco ASA not routing between interfaces

I am hoping someone can help me with an issue I am seeing on a Cisco ASA device, I am having an issue getting an outside interface to pass traffic to a public interface. Outside = 65.125.x.x ...

Multiple unauthorized connections to MySQL Server

I just had a quick look into my MySQL Server's logfiles. There I found the same entry repeated 30 to 40 times; it all happened within one minute. It's the following: <TIMESTAMP> | <THREAD&...

“Fetching” SMTP connections

I'm struggling to word this question so please bear with this preamble. We use a product called Serv-U from Solarwinds as an sFTP server as it has a gateway feature I find really handy. The server ...

My Ubuntu server sometimes prevents MySQL connections until I restart the networking service, why?

I run an instance of MySQL server (5.6), port 3306, on an Ubuntu (14.04 LTS) VM. Employees use a client application to interact with the database. Periodically, I get a troubleshooting call where the ...

How to deal with suspicious sudo user? [duplicate]

I am running Ubuntu 14.04 server with ISPConfig installed and etc. Latest I saw a suspicious home directory named ub. It has some encrypted files in it. Also I found /run/shm/ecryptfs-ub-Private is ...

Huge number of events with event id 4625 on Win 2012 server

I am receiving a huge number of 4625 events on a Win 2012 server. Below are the event details. The account name and the workstation name are the same and are the hostname of the machine on which I am receiving "...

Someone tried to hack my server

I have a Linux machine running as a test server. My box redirects ports like 80 directly to this machine. I created it to train on all kinds of things (RAID, TCP...). Recently I tried to connect to my ...