Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone; on its own it is ambiguous. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider asking it at Information Security SE instead.



6881 questions
3 votes, 2 answers

Any security risk in creating root public/private keys and adding public key to Github repo?

I would like to do version control on some important directories on my server such as /etc/apache. All the files and subdirectories in that directory are owned by root:root. Would it be considered a security risk to create a public/private key…
Jim
  • 330
  • 7
  • 16
3 votes, 1 answer

Catch backslashes, single and double quotes in GET requests

According to this SQL Injection Basics article: <…> the operations mostly used for breaking/fuzzing SQL queries are: ' single quote, " double quote, \ backslash (MySQL escape character). There are also hex-encoded characters (e.g. 0x3a3a)…
ᴍᴇʜᴏᴠ
  • 577
  • 1
  • 6
  • 20
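The question above asks how to catch quote and backslash characters in GET parameters. The example below, added here and not part of the question or of the article it cites, shows in Python with sqlite3 why that approach is not a fix: the same characters reach the query after URL decoding, and a numeric parameter can be injected with no quote or backslash at all. The hardened lookups use parameterised queries instead. The table, rows and query string are constructed for the demonstration.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data (hypothetical, not from the question).
ROWS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]


def _db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return con


def name_from_query_string(qs):
    """Decode ?name=... the way a web framework does (%27 -> ', + -> space)."""
    return parse_qs(qs).get("name", [""])[0]


def has_suspicious_chars(value):
    """The character blocklist the question is asking about."""
    return any(c in value for c in "'\"\\")


def lookup_vulnerable(name):
    """String concatenation: a single quote in `name` ends the SQL literal."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return _db().execute(sql).fetchall()


def lookup_safe(name):
    """Parameterised: the value is bound separately from the SQL text."""
    return _db().execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_by_id_vulnerable(id_text):
    """Numeric context: injectable without any quote or backslash."""
    sql = "SELECT id, name FROM users WHERE id = " + id_text
    return _db().execute(sql).fetchall()


def lookup_by_id_safe(id_text):
    """Validate the type, then bind; non-numeric input never reaches SQL."""
    try:
        user_id = int(id_text)
    except ValueError:
        return []
    return _db().execute(
        "SELECT id, name FROM users WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    injected = name_from_query_string("name=x%27+OR+%271%27%3D%271")
    print("decoded:", injected)
    print("vulnerable:", lookup_vulnerable(injected))
    print("safe:", lookup_safe(injected))
    print("blocklist sees 1 OR 1=1 as:", has_suspicious_chars("1 OR 1=1"))
    print("numeric injection:", lookup_by_id_vulnerable("1 OR 1=1"))
```

Run it as a script to see both lookups side by side. The point of the last two functions is the caveat a practitioner wants here: a blocklist of `'`, `"` and `\` returns "clean" for `1 OR 1=1`, yet the concatenated query dumps every row, so the only reliable control is keeping data out of the SQL text altogether.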
3 votes, 0 answers

Why does a TCP connection fail faster on Linux closed ports than on Windows ones?

While trying the simple exploit described here I noticed that it doesn't work on Linux while it works on Windows (tried with several browsers). Apparently this is because, on Linux, the operating system is faster to reply with an error if you…
3 votes, 0 answers

How to filter external HTTP requests based on remote host location and GET parameters with Tomcat 8?

I have a Tomcat 8 web application server and it has a running application (/app). This /app can be accessed from both internal and external HTTP GET requests, but one request from external should be filtered and return an error if it is not requested…
3 votes, 1 answer

Is it safe to expose an AWS instance ID?

Context: My company has a private API that we only expose to our employees and vendors who need access to it. That being said, there are a few parts of it that don't require login to view, namely the status-check and login endpoints. As a part of…
3 votes, 0 answers

Are there risks / downsides to creating users who are required to log in with the LogonType of "Batch"?

I am a vendor providing instructions to my users to cover the situation where they want to create users on a Windows server simply for the purpose of authentication. Note: Active Directory is not involved or available. These users should not…
AnthonyVO
  • 161
  • 4
3 votes, 1 answer

docker-machine with "generic" driver: security concerns

I want to use docker-machine to deploy containers on a Debian 9 server from my local computer. I followed instructions from this page, which clearly indicates: If you are using « sudo » on the host, make sure you configure passwordless sudo: #…
Antwane
  • 165
  • 1
  • 11
3 votes, 2 answers

Are there registry settings for Password Policies on Windows 2008?

I need to automatically set the following local password policies on a number of standalone Windows 2008 Server machines: Maximum password age, Minimum password length, Password must meet minimum complexity requirements. Are there registry settings for…
Kev
  • 7,877
  • 18
  • 81
  • 108
3 votes, 1 answer

VPN server location in network best practice

Is there a best practice with respect to where to set up a VPN server which is designed to facilitate access to a corporate network, and why? Historically I've set the VPN up on the gateway/core router, however I understand it is now common practice…
davidgo
  • 6,222
  • 3
  • 23
  • 41
3 votes, 1 answer

Why does squid (proxy server) listen on port 48512?

I just installed squid on my Ubuntu machine (sudo apt-get install squid3) and after installing it I noticed that it listens on port 48512. $ netstat -tulpn | grep squid tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN …
Tono Nam
  • 322
  • 3
  • 17
3 votes, 5 answers

Reset firewalld rules to default?

On CentOS 7 I have been trying out different firewalld rules and iptables commands, and now want to do it all over, but only using firewalld. Question: How can I reset all rules to the default that CentOS 7's firewalld ships with?
Louise Hoffman
  • 476
  • 2
  • 6
  • 12
3 votes, 1 answer

Can't disable TLS 1.0

I'm working on Windows Server 2016 Standard and trying to disable TLS 1.0 and enable 1.1 and 1.2 with the IIS Crypto. However, whenever I disable 1.0 and keep 1.1 and 1.2 enabled, my IIS apps stop serving. I've rebooted the server after the…
Alex
  • 271
  • 3
  • 14
3 votes, 0 answers

Chroot SFTP Group

I have a CentOS 6.9 file server set up. Everyone in the company is given access as a member of the staff group. They're dropped into /home/sharedfolder when they connect, however they're able to jump up to the /home directory and view subdirectories…
Gray Loon
  • 41
  • 1
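The chroot question above describes staff users who land in /home/sharedfolder but can still walk up into /home. The example below is added here and is not part of the question; it is a small Python helper that emits an sshd_config Match block pinning the staff group to an internal-sftp chroot, and checks the one thing that most often makes such a setup fail: OpenSSH refuses a ChrootDirectory unless every path component from / down is owned by root and writable by nobody else. The group name /home/sharedfolder is taken from the question; the uid/mode values fed to the checker in the usage section are constructed, because the real check has to run on the server as root.

```python
import os
import stat


def sftp_match_block(group, chroot="/home/sharedfolder"):
    """sshd_config fragment that confines members of `group` to `chroot`."""
    return "\n".join([
        f"Match Group {group}",
        f"    ChrootDirectory {chroot}",
        "    ForceCommand internal-sftp",
        "    AllowTcpForwarding no",
        "    X11Forwarding no",
    ])


def chroot_component_problems(path, uid, mode):
    """Reasons sshd rejects `path` as a ChrootDirectory component.

    sshd logs 'bad ownership or modes for chroot directory component' when a
    component is not root-owned or is group/other writable; this mirrors that.
    """
    problems = []
    if uid != 0:
        problems.append(f"{path}: owned by uid {uid}, must be root")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        perms = oct(mode & 0o777)
        problems.append(f"{path}: group/other writable ({perms})")
    return problems


def chroot_dir_problems(chroot):
    """Walk / -> ... -> chroot, stat each component, collect all problems."""
    problems = []
    current = os.sep
    st = os.stat(current)
    problems += chroot_component_problems(current, st.st_uid,
                                          stat.S_IMODE(st.st_mode))
    for part in [p for p in os.path.abspath(chroot).split(os.sep) if p]:
        current = os.path.join(current, part)
        st = os.stat(current)
        problems += chroot_component_problems(current, st.st_uid,
                                              stat.S_IMODE(st.st_mode))
    return problems


if __name__ == "__main__":
    print(sftp_match_block("staff"))
    # Constructed values: a share directory owned by a staff user, 0775.
    for line in chroot_component_problems("/home/sharedfolder", 1000, 0o775):
        print("would fail:", line)
    # Real check on this machine (needs the path to exist).
    target = "/home/sharedfolder"
    if os.path.isdir(target):
        print(chroot_dir_problems(target) or "chroot path is acceptable")
```

Because the chroot itself must be root-owned and not group-writable, the writable area staff actually use has to be a subdirectory beneath it (for example /home/sharedfolder/files owned by root:staff with mode 0775); the block above is meant to be appended after the global Subsystem sftp line, and sshd -t should be run before reloading.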
3 votes, 3 answers

Why doesn't firewalld apply my drop rule?

In centos 7 I want to block traffic from a source IP (example 3.3.3.3) and for that I apply the following rule: # firewall-cmd --permanent --zone=drop --add-source=3.3.3.0/24 # firewall-cmd --reload After that command I checked that my rule applies…
kockiren
  • 886
  • 3
  • 14
  • 37
3 votes, 1 answer

SpamAssassin user - disable shell

I recently discovered that SpamAssassin added the following line to my passwd file: debian-spamd:x:115:122::/var/lib/spamassassin:/bin/sh. Why does SpamAssassin need shell access? Is it safe to disable shell access (e.g. set shell to…
koseduhemak
  • 271
  • 3
  • 8