Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 5 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I am writing software that needs to uniquely identify multiple different machines. I was planning on using /etc/machine-id to do this.
While reading the docs for machine-id, I stumbled upon this passage:
This ID uniquely identifies the host. It should be considered "confidential", and must not be exposed in untrusted environments, in particular on the network. If a stable unique identifier that is tied to the machine is needed for some application, the machine ID or any part of it must not be used directly. Instead the machine ID should be hashed with a cryptographic, keyed hash function, using a fixed, application-specific key.
Is this really the case? If so, what could an attacker actually exploit using the machine-id? I don't know much about d-bus, but I was under the impression that it's only for IPC, and therefore I'm not sure why it would really matter if a remote attacker knew the machine-id. I was planning on sending / storing these unencrypted, but would rather not if it's going to be a security issue.
Edit: This question was answered here by someone familiar with the issue. Basically, the recommendation in the manpage is just for privacy reasons, not due to any actual security issues.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 days ago.
Improve this question
If a malicious internet user bypasses Cloudflare and requests the resources constantly, at this case is it viable to use Amazon Serverless even with an upper usage limit?
Thanks,
I read the Amazon Serverless docs and I though there can be some hazards
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I have a number of machines which I would like to check using my Nagios box. They sit behind a machine which is reachable from my Nagios box; all are running Linux. These machines have no routing to outside networks. If I need to reach the machines manually I either ssh to the intermediate box and then ssh to the other machines, or I'll use ssh to forward a port.
I usually use SNMP for most of my checks. So my thought is that prior to my Nagios box running a check I could have it run a command to forward the needed port, then get rid of the forward when done. Can anyone guide me on the best way to do this?
Thanks!
You probably want to look into Nagios passive checks. As described in the documentation:
Passive checks are useful for monitoring services that are:
Asynchronous in nature and cannot be monitored effectively by polling
their status on a regularly scheduled basis
Located behind a firewall and cannot be checked actively from the monitoring host
Your use case is pretty clearly the second one.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I know it flies in the face of the very notion of a "secure shell," but I would like a way to run SSH that requires absolutely no authentication whatsoever. I have a collection of machines that run on a totally air gaped network. It's used for a hardware prototyping project, and for reasons beyond my understanding some of these machines occasionally start asking for a password regardless of the fact that they have all been cloned with the same SSH keys that work some times.
I'd really like to side step all the security issues that can prevent SSH from connecting to a machine. I've seen in other posts people strongly recommending against what I am trying to do; but I've wasted enough time trying to fight SSH's security features. Is there a flag I can use? A change to a config file? Another version of SSH I can install?
Any help would be appreciated.
It seems that you want a 'remote shell', so try rsh.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I live in a college hostel, some other guys do the DOS attacks on rest computers.
The PC gets hanged, CPU uses becomes 100%.
Please help me to prevent from such attacks.
A more elaborate solution would be to put some sort of firewall between you and the rest of your network. and if you now where the attacks are coming from, meaning which ip(s) send the traffic you can block those so your computer doesn't even treat them.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
RFC3315 says:
"
The client SHOULD perform duplicate address detection [17] on each of
the addresses in any IAs it receives in the Reply message before
using that address for traffic. If any of the addresses are found to
be in use on the link, the client sends a Decline message to the
server as described in section 18.1.7.
"
But the dhclient on my PC assign duplicated address.
Wireshark shows that there is no DAD check.
How it supposed to work? Did I miss some magic option?
The original source code from ISC does not support such requirement for IPv6.
But, it was fixed in Fedora in 2010. See http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/fedora/linux/releases/20/Fedora/source/SRPMS/d/
But this patch has a bug. It uses ALL options from REQUEST to send DECLINE, however RFC3315 says no Rapid_Commit and no Reconf options.
Be careful.
Main idea is to check leased IP for duplication in dhclient-script. If the IP is duplicated script should return 3 otherwise 0.