Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [security]

For questions relating to application security and attacks against software. Please don't use this tag alone, that results in ambiguity. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. If your question is not about a specific programming problem, please consider instead asking it at Information Security SE

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Resources

6881 questions
3
votes
1 answer

Unknown ssh connections found in lsof -i has my server been compromised?

I have a Digital Ocean droplet running Ubuntu 14.04. I use it for running quick node.js tests on a publicly available server. I just logged in via SSH and did $ lsof -i to see what ports I was using. At the bottom of the list I noticed: sshd …
James
  • 133
  • 5
3
votes
1 answer

Is it safe to store shell scripts into /var/www?

I have my apache host under /var/www/html and I put few small git deploy scripts into /var/www directory for simplicity. Is www a public folder? Is it safe to store scripts in there? If so, are there any risks? If not, which directory is…
Kunok
  • 153
  • 6
3
votes
1 answer

Privacy concerns with windows 10 Pro

I don't need any of the Windows 10 enterprise features but enterprise is the only one that (legitimately) allows me to turn off the CEIP (Customer Experience Improvement Program); this is the component that will send MS a crash dump that might…
Paddy Carroll
  • 237
  • 1
  • 2
  • 11
3
votes
0 answers

Enforcing audit settings for all subfolders and files on NTFS

On Windows 7 I would like to enforce auditing on all subfolders and files for a specific local folder, by using the included Windows auditing features. When a user moves a file from the same NTFS volume into the folder that has auditing configured,…
René
  • 31
  • 1
3
votes
2 answers

Does Active Directory send a user's access token across the network?

Question: does AD send a user's access token across the network? Research: The following two passages contradict themselves--given that TGTs are transmitted across the network by design. From the 5th Edition of Active Directory by Oreilly: Most…
mellow-yellow
  • 441
  • 6
  • 15
3
votes
2 answers

My website is infected, I restored a backup of the uninfected files, how long will it take to un-mark as dangerous?

My website www.sagamountain.com was recently infected by a malware distributor (or at least I think it may have been). I have removed all external content, google ads, firefly chat, etc. I uploaded a backup from a few weeks ago, when there was no…
Cyclone
  • 206
  • 3
  • 8
3
votes
1 answer

How to verify installation of ImageMagick is not vulnerable to CVE-2016-3714

CVE-2016-3714 was announced on May 3, 2016. This vulnerability unfortunately goes by the name, ImageTragick and has received some press (for example, this ArsTechnica article). Until updated ImageMagick packages are released in the near future, we…
ChrisInEdmonton
  • 161
  • 4
3
votes
2 answers

Secure Email Settings for Email Clients & for PHPMailer

I'm trying to work out how to make my outgoing/incoming email's as secure as I can possibly make them. First of all, my domain has Wildcard OV SSL Certificates, I have copies of the .csr, .crt and .key files but I don't have any PKCS12 files of .p12…
Ryflex
  • 139
  • 1
  • 11
3
votes
0 answers

Can't find users logged in with notty via the who command

I was curious if anyone had any ideas why when I run who and who --all, I still cannot see users logged in under notty? See below: [cbennett@lstn ~]$ who --all system boot 2016-04-25 09:20 run-level 3 2016-04-25 09:20 LOGIN …
Carl Bennett
  • 783
  • 3
  • 7
  • 14
3
votes
7 answers

Windows Vista Explorer via Runas... or Best Way for Domain Administrator to Work in a Limited Account

One thing that's annoyed me for a great while about administrating a Windows domain is trying to work primarily from a limited user account. Much of what I do on my workstation on a day to day basis doesn't require admin rights, so I prefer to run…
Boden
  • 4,968
  • 12
  • 49
  • 70
3
votes
0 answers

security audit flags redhat/centos package version numbers despite patches

Redhat has this policy of backporting security fixes. But then when RHEL and CentOS sites get audited, the auditors invariably just list the package versions or ask ssh what it's version number is, and then they fail you because you appear to be…
DigitalRoss
  • 868
  • 1
  • 6
  • 15
3
votes
1 answer

apache LimitRequestBody equivalent for haproxy

recently we migrate our http load balancers from apache to haproxy (http mode) for security reasons we use LimitRequestBody in apache configurations to control requests size is there any equivalent configurations for haproxy? thanks in advanced
Sassan torabkheslat
  • 113
  • 2
  • 10
3
votes
1 answer

Will it detriment my security if I allow all connections from localhost through iptables?

Under my current configuration, iptables will block every inbound connection, even if coming from localhost. In some cases, I need localhost to connect to itself. If I create a rule that allows all inbound connections from localhost, will this…
user346974
3
votes
6 answers

Running multiple sites on a LAMP with secure isolation

I have been administering a few LAMP servers with 2-5 sites on each of them. These are basically owned by the same user/client so there are no security issues except from attacks through vulnerable deamons or scripts. I am builing my own server and…
David C.
3
votes
2 answers

Is Office365 Message Encryption actually secure?

I'm looking at implementing Office365 Message Encryption for our organization. My question is this: is it actually more secure than regular (unencrypted) email for messages sent to users outside the organization? According to this page, external…
ebarrere
  • 330
  • 1
  • 3
  • 15
1 2 3
99 100