switch to room list switch to menu My folders
Go to page: First ... 18 19 20 21 [22] 23 24 25 26 ... Last
[#] Fri May 01 2015 08:36:57 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

(src: System_Administrators_Guide/sect-Managing_Services_with_systemd-Services.html


[#] Fri May 01 2015 10:52:29 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

netstat -an | grep LISTEN. Find out what process owns those ports, whether they are truly necessary for your use case, and if not, shut them down.

next, think about local security. Can you enable selinux in strict mode without breaking anything critical?

Red Hat used to have a simple "enable the firewall" script that would install some basic packet filters. I don't remember the name of it anymore, might have been system-config-firewall

Use the "find" command to hunt down setuid/setgid binaries that might not be necessary.

This is basic stuff. I'm not a security guru anymore, if I ever was. Google "Red Hat hardening" or something.

[#] Fri May 01 2015 21:17:13 EDT from Sig @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Thank you. At the least, those give me more useful search terms.

[#] Sun May 03 2015 02:10:29 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

List listening sockets and proggies):

netstat -aonp

List the users of the port, and userid:

lsof -ni :portnumber
lsof -ni :25

Show the individual process info:

cat /proc/[pid]/cmdline
cat /proc/11104/cmdline

(and many other items under /proc/[pid] that interest you (cat is your friend).

Feel free to share anything you learn as well.

[#] Sun May 03 2015 07:52:32 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

the citadel faq has the most important ones:

[#] Fri May 08 2015 11:55:50 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

So I finally booted up the Pi that I got for Christmas. But I only had a 2 GB SDcard so I moved my root filesystem to a 250 GB external USB drive.
It was really easy. Everything behaved as I expected it to. All I had to do was rsync to the new filesystem, identify its UUID, call for its mount as rootfs in its own /etc/fstab and in the Pi's boot partition, and reboot.

I like it this way better. The SDcard is /boot and nothing else.

[#] Fri May 08 2015 11:56:56 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

(And yes, it was sooooo satisfying to be able to type "apt-get install citadel-client" on the Pi and get a precompiled Citadel client fed back to me, even though none of us on the project have ever explicitly built on this platform before!)

[#] Sat May 09 2015 14:21:26 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


Fri May 08 2015 11:56:56 EDT from IGnatius T Foobar @ Uncensored

(And yes, it was sooooo satisfying to be able to type "apt-get install citadel-client" on the Pi and get a precompiled Citadel client fed back to me, even though none of us on the project have ever explicitly built on this platform before!)

And that without java - compile once debug everywhere ;-)

[#] Sat May 09 2015 22:34:26 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

That's not really a fair comparison.  Sure, the Debian repository is available on every platform, but it's native, so it's compile everywhere debug everywhere.

Java's bad reputation has everything to do with the smear campaign orchestrated against it in the 1990's.  Since then it has become the lingua franca of business logic anyway.

[#] Tue May 12 2015 11:25:34 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Not really. The phrase "compile once, debug everywhere" had a lot of truth to it, borne out by bad experiences with AWT, which turned out to be not be such a panacea for cross-platform portability as was first hoped. It's *hard* to build a cross-platform window toolkit in a way that respects the native look-and-feel of all platforms.

"Compile once, debug everywhere" is *absolutely not true in the same sense* when applied to server-side java, which has proven highly portable.

[#] Thu May 14 2015 11:36:39 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

That much is very true. AWT was a pain in the neck to test everywhere. And although one could argue "AWT is *not* Java" -- and be correct about that -- AWT was a big part of the initial Java experience for a lot of people.
It was released at a time when there was such a thing as

" native look and feel "

As we all know ... there is no longer any such thing. Web based applications broke everyone's addiction to needing the exact same widget set on every application.
Nowadays, developers use whatever chrome they want. As a result, an application written in Java that uses SWT, say on Windows for example, looks no more "foreign" than Microsoft Office.

The result ... even on the desktop, Java applications now look the same everywhere, because they use the same widget set (and therefore the same pixel-by-pixel dimensions of every widget) on every platform. I like it.

[#] Thu May 14 2015 23:37:01 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I liked the fact that the Blackdown Java on Linux allowed me to have a Linux workstation and do Java development for Windows back in the late 90's.  It was fun having Linux servers push out Jar files to remote web servers via JWS, allowing branch locations running Windows clients to update software in the middle of the work day.

For all the faults people find with Java / Java Web Start and all that, I was able to make some use of it and do some pretty cool testing / release cycles that I have been hard pressed to duplicate (outside of the LAMP stack world).

[#] Fri May 29 2015 08:55:59 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Sorry folks, I just went ahead and deleted the thread that appeared in here over the last couple of days.  I don't have any tolerance for people who don't read documentation, who don't follow the instructions on the Citadel web site indicating that support requests belong in the Citadel Support room, and who obviously work for a company that builds a competing product.



[#] Thu Jun 04 2015 10:25:02 EDT from Sig @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

So I'm doing my annual "two weeks in the summer" and this year I got sucked into the CyberGuard exercise. Our state is one of 18 sending National Guard teams (joint Air and Army Guard) to the exercise to validate a network defense team concept they have been kicking around for a while. (I think it's a disaster; separate issue.)

I was literally the fifth person they called on a Friday, trying to fill the last Army slot on the team. My primary qualification is that I did not yet have my 15-day annual training period fully committed elsewhere; all of the qualified actual computer nerds had other schools or training events they had to attend. (This is the reward you get for doing your schools on time as soon as you're eligible; you can be sucked into other things.)

It's not exactly against my will, but it is a fair bit outside my lane. I've been playing with Linux on and off since my first experimenting with Mandrake dual/duel-booting (it was both) in 2000; now I find myself the team's #2 Linux guy. Disturbing. I have never had to actually support someone else's setup or do anything that is considered mission critical; the worst that's likely to happen at home is that I have to wipe a machine or nuke an image and try again. So this is pretty enterterrifying.

[#] Sat Jun 06 2015 22:44:59 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Bah, trial by fire Sig.  I would imagine you have been there before.

[#] Tue Jun 09 2015 11:12:41 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Sig... perhaps suggest they take a look at what TeleCommunication Systems is doing by way of training in cyber security. The Navy seems to be interested in them... perhaps they would also work well for the Army/Air Force.



I work for that division of TCS. Hell, in the future, I might be one of the trainers.

[#] Tue Jun 09 2015 17:48:39 EDT from Sig @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

We're under enough artificial constraints and technical limitations that I'm not sure why we're bothering to have an exercise at all.

[#] Wed Jun 10 2015 13:05:34 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Because... government work?

I've noticed the government seems to revel in process without reason.

[#] Fri Jun 19 2015 08:45:01 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Ok Sig ... so what is CyberGuard doing with Linux and how's it going for you?

[#] Sat Jun 20 2015 00:15:39 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Cool, I learned another acronym tonight : OCONUS - thought it meant overseas, but really "Outside Continental United States" is Alaska, Hawaii, and Puerto Rico.

So, lots of Windows specific jobs and only a few Linux jobs.  Mostly dev jobs for Linux.  I suppose first responders etc still prefer the software be incompatible with the hardware if I read the job postings correctly :-)

Go to page: First ... 18 19 20 21 [22] 23 24 25 26 ... Last