Kerberizing RHEL Server

Notes from Plone…

yum install krb5-workstation pam_krb5 -y
# if krb5.conf is present we should get a fresh copy
mv /etc/krb5.conf /etc/krb5.conf.bak
yum reinstall krb5-libs -y
sed -i -e 's/example.com/FQDN/g' /etc/krb5.conf
sed -i -e 's/EXAMPLE.COM/FQDN/g' /etc/krb5.conf
fqdn=`hostname --fqdn`; echo "ank -randkey host/$fqdn@FQDN ktadd -k /etc/krb5.keytab host/$fqdn@FQDN";
— OR —
kadmin -p netid/admin@FQDN
addprinc -randkey host/$fqdn
ktadd […]
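The same procedure as a script, added here as an example and not taken from the post: it renders krb5.conf from the realm name instead of sed-editing the stock file, creates the host principal, extracts its key into /etc/krb5.keytab and then checks that the keytab actually works. It assumes the MIT Kerberos client tools on RHEL (kadmin, klist, kinit), that the realm is the upper-cased DNS domain, that the admin principal is netid/admin as in the post, and it takes the KDC hostname as a parameter because the post does not show one.

```shell
#!/bin/sh
# Added example (not from the original post): join a RHEL host to an MIT
# Kerberos realm. Assumptions: MIT krb5 tools, realm = upper-cased DNS domain,
# admin principal netid/admin (as in the post), KDC host passed in by the caller.

# Minimal krb5.conf for one realm whose KDC also runs kadmind.
render_krb5_conf() {  # $1 = REALM, $2 = dns domain, $3 = kdc host
    cat <<EOF
[libdefaults]
    default_realm = $1
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = true

[realms]
    $1 = {
        kdc = $3
        admin_server = $3
    }

[domain_realm]
    .$2 = $1
    $2 = $1
EOF
}

host_principal() {  # $1 = fqdn, $2 = REALM
    printf 'host/%s@%s\n' "$1" "$2"
}

# The two kadmin commands from the post. ktadd randomises the principal's key
# and increments its kvno, so run it once per host: re-running it invalidates
# any keytab already extracted for that principal.
kadmin_commands() {  # $1 = fqdn, $2 = REALM, $3 = keytab path
    p=$(host_principal "$1" "$2")
    printf 'addprinc -randkey %s\n' "$p"
    printf 'ktadd -k %s %s\n' "$3" "$p"
}

# Whole procedure; run as root on the host being joined (not executed here).
kerberize_host() {  # $1 = REALM, $2 = kdc host, $3 = admin principal (default netid/admin)
    realm=$1
    kdc=$2
    admin=${3:-netid/admin}
    keytab=/etc/krb5.keytab
    fqdn=$(hostname --fqdn)
    domain=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    princ=$(host_principal "$fqdn" "$realm")

    yum install -y krb5-workstation pam_krb5
    [ -f /etc/krb5.conf ] && cp -p /etc/krb5.conf /etc/krb5.conf.bak
    render_krb5_conf "$realm" "$domain" "$kdc" > /etc/krb5.conf

    # kadmin -q runs one command per invocation and prompts for the admin
    # password each time, so the password never lands in shell history.
    kadmin_commands "$fqdn" "$realm" "$keytab" | while IFS= read -r cmd; do
        kadmin -p "$admin@$realm" -q "$cmd" || exit 1   # exit leaves only this subshell
    done || return 1

    # The keytab is a long-term credential equivalent to the host's password.
    chown root:root "$keytab"
    chmod 600 "$keytab"

    # Verify: the principal is in the keytab and can obtain a TGT with it.
    klist -k "$keytab" | grep -qF "$princ" || return 1
    kinit -k -t "$keytab" "$princ" && kdestroy
}
```

Usage on the host: `kerberize_host EXAMPLE.ORG kdc1.example.org`. The final `kinit -k` is the check worth keeping: a keytab that lists the principal but cannot get a ticket usually means the kvno in the keytab no longer matches the KDC, which is exactly what a second `ktadd` for the same principal causes.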

Denyhosts Assists

Every so often a legitimate user will get blocked by DenyHosts. When this happens you can re-enable their access with these 8 simple steps (UPDATE: or use the faster version, see below):

1. Stop DenyHosts: # service denyhosts stop
2. Remove the IP address from /etc/hosts.deny
3. Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address.
[…]
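The manual steps above, as a script; this is an added example and not the post's own "faster version". It removes one address from /etc/hosts.deny and from the per-host tracking files in the DenyHosts work directory (the post names /var/lib/denyhosts/hosts; the other file names are the ones DenyHosts keeps beside it, and leaving the address in any of them lets DenyHosts block it again from its own records). The default paths assume the stock layout and are parameters so the function can be exercised on temporary copies; the daemon still has to be stopped around the edit, as the post's first step says.

```shell
#!/bin/sh
# Added example (not from the original post): purge one IP address from the
# files DenyHosts uses to block it. Paths default to the stock layout
# (/etc/hosts.deny, work dir /var/lib/denyhosts) and can be overridden.

denyhosts_unblock() {  # $1 = IP address, $2 = hosts.deny path, $3 = work dir; prints lines removed
    ip=$1
    hosts_deny=${2:-/etc/hosts.deny}
    workdir=${3:-/var/lib/denyhosts}
    removed=0

    # Escape the dots and require a non-address character (or line edge) on
    # both sides, so unblocking 203.0.113.5 does not also unblock 203.0.113.50.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    re="(^|[^0-9.])${esc}([^0-9.]|$)"

    # /etc/hosts.deny plus the per-host tracking files in the work directory
    # (the post names hosts; the others record the same address by login type).
    for f in "$hosts_deny" \
             "$workdir/hosts" "$workdir/hosts-restricted" \
             "$workdir/hosts-root" "$workdir/hosts-valid" \
             "$workdir/users-hosts"; do
        [ -f "$f" ] || continue
        before=$(wc -l < "$f")
        # grep -v exits 1 when no line survives, which is a valid outcome here.
        grep -E -v "$re" "$f" > "$f.tmp" || :
        cat "$f.tmp" > "$f"   # write through so owner and mode are preserved
        rm -f "$f.tmp"
        after=$(wc -l < "$f")
        removed=$((removed + before - after))
    done
    echo "$removed"
}

# The post's procedure end to end; run as root on the server (not executed here).
denyhosts_unblock_live() {  # $1 = IP address
    service denyhosts stop
    n=$(denyhosts_unblock "$1")
    echo "removed $n line(s) referring to $1"
    service denyhosts start
}
```

`denyhosts_unblock_live 203.0.113.5` is the whole thing. The count it prints is the check: if it is 0 the address was not in any of these files and the block is coming from somewhere else (a firewall rule, or a different hosts.deny path in the DenyHosts configuration).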

SSH – weak ciphers and mac algorithms

A security scan turned up two SSH vulnerabilities:

SSH Server CBC Mode Ciphers Enabled
SSH Weak MAC Algorithms Enabled

To correct this problem I changed the /etc/ssh/sshd_config file to:

# default is aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
# aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
# aes256-cbc,arcfour
# you can remove the cbc ciphers by adding the line
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
# default is hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
# […]
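An audit script for the two findings, added as an example and not part of the post: it reads the active Ciphers and MACs directives from an sshd_config, drops the classes the scan flagged (CBC-mode ciphers; MD5-based, 96-bit-truncated and RIPEMD-160 MACs) and prints the hardened lines. It goes one step past the post's own Ciphers line by also dropping arcfour256/arcfour128/arcfour, which are RC4 and are flagged by later scanner signatures; that extra rule is an editorial assumption. The config path is a parameter so the audit can run on a copy.

```shell
#!/bin/sh
# Added example (not from the original post): find and replace weak SSH
# algorithm lists in an sshd_config. Assumption beyond the post: arcfour*
# (RC4) is treated as weak alongside the CBC ciphers.

# Any *-cbc cipher (including vendor ones such as rijndael-cbc@lysator.liu.se)
# and any arcfour variant is rejected.
is_weak_cipher() {
    case "$1" in
        *-cbc|*-cbc@*|arcfour*) return 0 ;;
        *) return 1 ;;
    esac
}

# MD5-based, truncated (-96) and RIPEMD-160 MACs are rejected.
is_weak_mac() {
    case "$1" in
        hmac-md5*|*-96|*-96-etm@*|hmac-ripemd160*) return 0 ;;
        *) return 1 ;;
    esac
}

# Keep the entries of a comma-separated list that the classifier ($1) does not
# reject. Order is preserved because sshd negotiates in list order.
filter_list() {
    kept=""
    old_ifs=$IFS
    IFS=,
    for alg in $2; do
        if ! "$1" "$alg"; then
            kept="${kept:+$kept,}$alg"
        fi
    done
    IFS=$old_ifs
    printf '%s\n' "$kept"
}
harden_ciphers() { filter_list is_weak_cipher "$1"; }
harden_macs()    { filter_list is_weak_mac "$1"; }

# Value of the first active (uncommented) directive for a keyword. sshd uses
# the first occurrence of a keyword, so a hardened line appended at the end
# does nothing if an earlier one exists. Keywords are case-insensitive.
config_value() {  # $1 = sshd_config path, $2 = keyword
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
        'tolower($1) == kw { print $2; exit }' "$1"
}

# Print the directives that should replace the current ones. Returns 0 when
# nothing weak was found, 1 otherwise, so it can gate a compliance check.
audit_sshd_config() {  # $1 = sshd_config path
    cfg=$1
    weak=0
    for kw in Ciphers MACs; do
        cur=$(config_value "$cfg" "$kw")
        if [ -z "$cur" ]; then
            # Unset means the compiled-in default applies. On the OpenSSH
            # releases the post quotes, that default includes CBC ciphers and
            # hmac-md5, so treat it as a finding and require an explicit line.
            printf '# %s not set in %s: compiled-in default applies, set it explicitly\n' "$kw" "$cfg"
            weak=1
            continue
        fi
        if [ "$kw" = Ciphers ]; then new=$(harden_ciphers "$cur"); else new=$(harden_macs "$cur"); fi
        if [ "$new" != "$cur" ]; then
            printf '%s %s\n' "$kw" "$new"
            weak=1
        fi
    done
    return $weak
}

# After editing and restarting sshd, confirm what the daemon really offers:
# locally with sshd's test mode (root, OpenSSH 5.1 and later), remotely with
# nmap's ssh2-enum-algos script from the scanner's side of the network.
show_effective() {  # $1 = host to probe remotely
    sshd -T | grep -iE '^(ciphers|macs) '
    nmap -p 22 --script ssh2-enum-algos "$1"
}
```

Run `audit_sshd_config /etc/ssh/sshd_config`; a non-zero exit plus the printed lines is the finding, an empty result with exit 0 means both directives are already clean. The remote probe in `show_effective` is the one that matters for closing the ticket, because it sees the same key-exchange advertisement the scanner saw, independent of which file sshd actually loaded.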
