Questions tagged [centos]
CentOS is a free operating system distribution based upon the Linux kernel. It is derived entirely from the Red Hat Enterprise Linux (RHEL) distribution.
107 questions
1 vote, 0 answers, 262 views
How did I get hacked? [closed]
As usual, I ordered a CentOS 7 virtual machine from my hoster. Installed firewalld and docker on it. In docker, through docker-compose, I launched a web application that hangs on the standard port ...
0 votes, 1 answer, 154 views
Big old project getting hacked
My website has been getting hacked for the last 2 days. I'm an amateur who built it back in 2007ish and it still has some poor code. It was a hobby project that suddenly became very popular and lived to this day ...
0 votes, 1 answer, 481 views
unknown (malicious?) code and file in public dir (Laravel 5.8, apache/cPanel) [duplicate]
I have a Laravel 5.8 app on a server running Apache/2.4.53 (cPanel) and PHP 7.4 (ea-php74), and I have VPS root WHM/cPanel access there. As in any Laravel project, the "public" directory is web ...
2 votes, 0 answers, 3k views
What exactly is the pkexec bug and how to patch it on CentOS 7? [closed]
There is a bug in the pkexec program, CVE-2021-4034, which when exploited allows access to a root shell.
Is the best way to fix an unpatched CentOS 7 server to just apply the temporary fix of running chmod ...
2 votes, 1 answer, 205 views
Does yum enforce cryptographic authentication and integrity validation by default for all packages? (CentOS, RHEL)
Does the yum package manager in CentOS/RHEL-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get ...
0 votes, 0 answers, 275 views
Certbot installation from cloudfront.net epel-release mirror
I'm setting up a website on a Centos7 VPS with certbot and let's encrypt.
I am no expert on network security. I checked to see if my epel-release was pulling certbot from a legit mirror.
I ran yum ...
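The two questions above (whether yum requires signatures, and whether a certbot package pulled from a CDN-hosted EPEL mirror can be trusted) come down to the same setting. With gpgcheck=1 yum refuses any package whose RPM signature does not verify against a key it knows, so the hostname the mirror resolves to matters less than whether the check is on and the key is the expected one; epel-release installs the EPEL key and a repo file with gpgcheck=1. What yum does not do by default is sign-check repository metadata (repo_gpgcheck) or local .rpm files passed to yum localinstall (localpkg_gpgcheck), and --nogpgcheck on the command line overrides all of it. The script below is an added example, not the questioner's text or yum's own code: it reads the INI files yum uses and reports every enabled repository that will install unsigned packages. The configuration strings are constructed for the demo and the vendor URLs are placeholders.

```python
"""Audit yum repository definitions for disabled package signature checks.

Added example, not from the question or from yum. It parses the INI files
yum reads (/etc/yum.conf and /etc/yum.repos.d/*.repo) and reports every
enabled repository that will install packages without a valid GPG
signature. The configuration strings below are constructed for the demo.
"""
import configparser
from typing import Dict, List

# Constructed sample: yum.conf sets the global default gpgcheck=1; one repo
# inherits it, one switches it off, one enables it but configures no key,
# and one disabled repo must be ignored.
SAMPLE_YUM_CONF = """\
[main]
gpgcheck=1
installonly_limit=5
"""

SAMPLE_REPOS: Dict[str, str] = {
    "/etc/yum.repos.d/CentOS-Base.repo": """\
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
""",
    "/etc/yum.repos.d/vendor.repo": """\
[vendor-tools]
name=Vendor tools (constructed)
baseurl=https://repo.example.invalid/el7/
enabled=1
gpgcheck=0
""",
    "/etc/yum.repos.d/extra.repo": """\
[extra]
name=Extra packages, key never configured (constructed)
baseurl=https://extra.example.invalid/el7/
enabled=1
gpgcheck=1

[legacy]
name=Disabled legacy repo (constructed)
baseurl=https://legacy.example.invalid/el6/
enabled=0
gpgcheck=0
""",
}


def _truthy(value: str) -> bool:
    """yum accepts 1/0, yes/no, true/false, on/off for boolean options."""
    return value.strip().lower() in ("1", "true", "yes", "on")


def audit_repos(yum_conf: str, repo_files: Dict[str, str]) -> List[str]:
    """Return one finding per enabled repository that lacks a usable signature check.

    Modelled on yum's precedence: [main] gpgcheck is the default for every
    repository, a repository's own gpgcheck overrides it, and a repository
    without an enabled= line counts as enabled.
    """
    main = configparser.ConfigParser(interpolation=None)
    main.read_string(yum_conf)
    default_gpgcheck = main.has_option("main", "gpgcheck") and _truthy(main.get("main", "gpgcheck"))

    findings: List[str] = []
    for path, text in repo_files.items():
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(text)
        for repo in cfg.sections():
            if not _truthy(cfg.get(repo, "enabled", fallback="1")):
                continue
            gpgcheck = default_gpgcheck
            if cfg.has_option(repo, "gpgcheck"):
                gpgcheck = _truthy(cfg.get(repo, "gpgcheck"))
            if not gpgcheck:
                findings.append(f"{path}:[{repo}] gpgcheck disabled: unsigned packages will install")
            elif not cfg.get(repo, "gpgkey", fallback="").strip():
                findings.append(f"{path}:[{repo}] gpgcheck on but no gpgkey: "
                                "verification relies on a key already imported into the rpm database")
    return findings


if __name__ == "__main__":
    for finding in audit_repos(SAMPLE_YUM_CONF, SAMPLE_REPOS):
        print(finding)
```

To run it against a real host, read /etc/yum.conf and each file in /etc/yum.repos.d/ into the dictionary; `yum repolist -v` and `rpm -q gpg-pubkey --qf '%{summary}\n'` then show which keys are actually imported, which is what the second finding asks you to confirm.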
0 votes, 2 answers, 320 views
Stack Smashing Short Problem
I want to exploit this code vulnerability and get it to launch me into a shell with privilege access. I'm guessing I need to "push" bob from its current address to address 0x41414142 using ...
0 votes, 1 answer, 429 views
Exploiting a Stack Buffer Overflow vulnerability to get privileged access to the system
I am trying to complete a buffer overflow challenge. The code I am trying to exploit is below. I can only use the command line in a Linux environment.
I understand that writing more than 100 ...
1 vote, 0 answers, 928 views
False positives (port scanning) when using proxychains-ng with nmap [closed]
I get false positive ports that are marked open when using nmap with proxychains-ng (Using a proxy list that contains socks5 proxies). I've tried a couple of techniques to debug this strange behavior (...
0 votes, 0 answers, 34 views
How to recover a hacked site with WSO Shell [duplicate]
Recently a WordPress site on a CentOS 7 server was hacked and a WSO shell was uploaded.
I've checked other sites and nothing was changed. I'm using CentOS Web Panel and the root password also was not changed.
...
1 vote, 2 answers, 547 views
What config files and logs files of a Linux system (CentOS 7) deserve to be monitored by a SIEM?
I am not a security expert (I am more a software developer) and I am working on a project related to a SIEM installation (Wazuh). This installation is only a demo for a customer, in a second time a ...
4 votes, 3 answers, 2k views
How can we disable sudo on CentOS 6 to prevent CVE-2021-3156?
How can we disable sudo on CentOS 6 to prevent CVE-2021-3156?
We cannot remove RPMs or similar.
We can only change a configuration.
Do we have another fix for CVE-2021-3156 on CentOS 6, except ...
1 vote, 0 answers, 106 views
Restricting what hard drive can be used with a given machine
I have a machine running CentOS 7 with a removable hard drive. I want to restrict what hard drive can be used with the machine i.e. the machine can only be used with one disk and nothing else.
I've ...
1 vote, 1 answer, 1k views
Why is php-fpm trying to connect somewhere on port 443?
I have nginx and php-fpm set up to front a WordPress site. I used certbot to set up TLS.
When I load any page, I see selinux violations and it looks like php-fpm is trying to reach out to some port ...
1 vote, 1 answer, 430 views
Shell escaping vs. /etc/sudoers. What's the difference?
I am trying to grasp some basic principles of security in Linux (I used Centos 8.0 and Kali 2020 in the example below).
I found that providing you have an account in a particular system that is in the ...
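The difference the question above is after: a sudoers rule decides which program sudo will start, not what that program can do once it is running as the target user. An editor, pager or interpreter allowed through sudo can start /bin/sh itself (`:!sh` in vi and less, `-exec` in find, system() in awk, perl or python), which is the "shell escape"; sudo's NOEXEC tag is the documented counter, since it blocks the exec() call the escape relies on. The script below is an added example, not from the question or from sudo. It parses user specifications of the form `user host=(runas) TAG: cmd, cmd` and flags rules that grant ALL or one of a (constructed, incomplete) set of escape-capable binaries without NOEXEC. The sample sudoers text is constructed, and Cmnd_Alias expansion is left out.

```python
"""Find sudoers rules that give the caller a shell through a permitted program.

Added example; not from the question or from sudo. The sudoers text and the
list of escape-capable binaries are constructed and incomplete; a real
review expands Cmnd_Alias lines too (not done here).
"""
import os
import re
from typing import FrozenSet, List, NamedTuple

# Subset of binaries with documented ways to run a shell from inside them.
# Assumption for the demo: extend from a maintained reference before relying on it.
SHELL_ESCAPE_BINS: FrozenSet[str] = frozenset({
    "vi", "vim", "view", "nano", "less", "more", "man",
    "find", "awk", "gawk", "perl", "python", "python3", "ruby",
    "env", "bash", "sh", "tar", "zip", "rsync", "tcpdump",
})

TAG_RE = re.compile(
    r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV|LOG_INPUT|NOLOG_INPUT|"
    r"LOG_OUTPUT|NOLOG_OUTPUT|MAIL|NOMAIL|FOLLOW|NOFOLLOW):\s*"
)
RUNAS_RE = re.compile(r"^\(([^)]*)\)\s*")
SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


class Rule(NamedTuple):
    user: str
    runas: str
    command: str          # the command as written, arguments included
    tags: FrozenSet[str]  # tags in force for this command


def parse_user_specs(text: str) -> List[Rule]:
    """Expand each user specification into one Rule per command."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(SKIP_PREFIXES) or "=" not in line:
            continue
        left, right = line.split("=", 1)
        user = left.split()[0]
        right = right.strip()
        runas = "root"                       # sudo's default when no (runas) list is given
        m = RUNAS_RE.match(right)
        if m:
            runas = m.group(1).split(":")[0].strip() or "root"
            right = right[m.end():]
        tags = set()
        for chunk in right.split(","):
            chunk = chunk.strip()
            while True:                      # a tag applies to this and all following commands
                t = TAG_RE.match(chunk)
                if not t:
                    break
                tag = t.group(1)
                for pos, neg in (("PASSWD", "NOPASSWD"), ("EXEC", "NOEXEC"), ("SETENV", "NOSETENV")):
                    if tag in (pos, neg):
                        tags.discard(pos if tag == neg else neg)
                tags.add(tag)
                chunk = chunk[t.end():].strip()
            if chunk:
                rules.append(Rule(user, runas, chunk, frozenset(tags)))
    return rules


def audit_sudoers(text: str) -> List[str]:
    """Return findings for rules that amount to an interactive shell as runas."""
    findings: List[str] = []
    for r in parse_user_specs(text):
        if r.command.startswith("!"):        # negated command, grants nothing
            continue
        if r.command == "ALL":
            findings.append(f"{r.user}: ALL as {r.runas} (any command, shell included)")
            continue
        binary = os.path.basename(r.command.split()[0])
        if binary in SHELL_ESCAPE_BINS and "NOEXEC" not in r.tags:
            how = "without a password" if "NOPASSWD" in r.tags else "after password"
            findings.append(f"{r.user}: {binary} as {r.runas} can escape to a shell ({how})")
    return findings


# Constructed sample sudoers, not a real system's file.
SAMPLE_SUDOERS = """\
Defaults    requiretty
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, /bin/tar
alice   ALL=(ALL) NOEXEC: /usr/bin/vim /etc/hosts
bob     ALL=/usr/bin/less /var/log/messages, /usr/bin/systemctl restart httpd
carol   ALL=(root) NOPASSWD: /usr/sbin/service httpd restart, !/usr/bin/vim
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

On a live system feed it `visudo -c -f /etc/sudoers` output or the concatenation of /etc/sudoers and /etc/sudoers.d/*; `sudo -l` as the user in question is the authoritative view of what the rules resolve to.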
5 votes, 1 answer, 1k views
GPG Agent SSH Forward Pinentry
I have GPG agent forwarding via SSH RemoteForward working, up to a point:
I can list my private and public keys on the remote host.
If I try to decrypt a file remotely, the PIN is prompted for but ...
0 votes, 0 answers, 225 views
SOC2 and the CentOS root user
One of our customers has the following requirement: according to SOC2 they need to block access to the CentOS root account.
They mean any access, even with su root or sudo su.
We have blocked the SSH ...
2 votes, 1 answer, 996 views
ASLR doesn't work?
I have following code:
#include <stdio.h>
#include <stdlib.h>
int main()
{
int *ptr1 = malloc(16);
int val1 = 0x12345678;
printf("stack: %p\nheap: %p\n", &...
1 vote, 1 answer, 1k views
Can I test ssl connection locally with a valid certificate (CA) with local dns?
I have a wildcard valid certificate signed by Certificate Authority. Is it possible to test the https locally from the server without a registered DNS?
My idea is to bind the domain name with 127.0....
3 votes, 1 answer, 160 views
/var got mysteriously renamed in /var.1 on CentOS6 server [closed]
On one of our CentOS6 servers, /var got renamed to /var.1 tonight (around 3.24 am) and a new empty /var folder was created. Not surprisingly, it crashed soon after that.
Circumstances:
Over the ...
1 vote, 3 answers, 3k views
How to scan a list of RPM files for publicly declared (CVE) vulnerabilities?
Couldn't find a reliable tool to scan a list of CentOS or RHEL RPM files for vulnerabilities (e.g. list CVEs found for each file).
The goal is to scan the RPM files for vulnerabilities before they ...
-1 votes, 1 answer, 348 views
Java web app hosted in Tomcat hung for more than 10 min with logs containing a PowerShell attack
We have a Java web application running in Tomcat which is hosted in AWS. The operating system used on the server is CentOS. Today it became inaccessible for more than 10 minutes. When we got access, ...
3 votes, 1 answer, 233 views
Exposure of /etc/ssh, risks?
I accidentally exposed the keys in /etc/ssh
What is the risk?
I think it will allow someone to impersonate the server and conduct MITM.
Will it let someone SSH into the server? I think not because ...
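What the host keys in /etc/ssh actually protect is the client's ability to recognise the server: an OpenSSH client records the server's public host key in known_hosts on first contact and compares it on every later connection, so whoever holds the matching private key can answer that check from a machine in the path. The keys do not authenticate clients (that is authorized_keys on the server), and the remedy for a leak is to generate new host keys and have clients accept the new fingerprint. The block below is an added example, not from the question: it builds a host public key line in OpenSSH's ed25519 wire format from a constructed 32-byte placeholder (not a real key), derives the SHA256 fingerprint the way `ssh-keygen -lf` prints it, and checks a known_hosts entry against the key the server now presents, before and after a rotation.

```python
"""Host key pinning from the client's side, to show what a leaked /etc/ssh key buys.

Added example, not from the question or from OpenSSH. The key bytes are
placeholders in the ed25519 public-key wire format, not real key material.
"""
import base64
import hashlib
import struct
from typing import Optional, Tuple


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build an OpenSSH public key line from 32 raw bytes (constructed key for the demo)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str) -> Tuple[str, bytes]:
    """Return (key type, decoded blob) and check the type embedded in the blob."""
    parts = line.split()
    keytype, blob = parts[0], base64.b64decode(parts[1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != keytype:
        raise ValueError("key type inside the blob does not match the line")
    return keytype, blob


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as OpenSSH prints it: base64 of the digest without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_lookup(known_hosts: str, host: str, keytype: str) -> Optional[bytes]:
    """Return the pinned blob for host/keytype from plain (unhashed) known_hosts text."""
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1] == keytype and host in parts[0].split(","):
            return base64.b64decode(parts[2])
    return None


def host_key_matches(known_hosts: str, host: str, server_line: str) -> bool:
    """True when the key the server presents equals the one the client pinned for host."""
    keytype, blob = parse_pubkey_line(server_line)
    pinned = known_hosts_lookup(known_hosts, host, keytype)
    return pinned is not None and pinned == blob


# Constructed keys: the one the client pinned, and the one the server presents
# after the operator removes /etc/ssh/ssh_host_* and runs `ssh-keygen -A`.
# The bytes are placeholders, not the output of that command.
OLD_KEY = make_ed25519_pubkey_line(bytes(range(32)), "root@web01")
NEW_KEY = make_ed25519_pubkey_line(bytes(range(32, 64)), "root@web01")
KNOWN_HOSTS = f"web01.example.invalid,192.0.2.10 {OLD_KEY.rsplit(' ', 1)[0]}\n"

if __name__ == "__main__":
    for label, key in (("pinned", OLD_KEY), ("rotated", NEW_KEY)):
        _, blob = parse_pubkey_line(key)
        print(label, fingerprint(blob), "accepted" if host_key_matches(KNOWN_HOSTS, "web01.example.invalid", key) else "MISMATCH")
```

The mismatch branch is the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning clients will see after rotation; announcing the new fingerprints out of band is part of the fix, otherwise users learn to click through the warning, which is exactly what an attacker holding the old key wants.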
1 vote, 1 answer, 316 views
RHEL7 SSGv0.1 2.2.3 Unauthorized SUID/GUID executables
We are upgrading to RHEL 7.6. My Nessus scanner is giving me the following message:
2.2.3.c-d Mandatory Review Required: Find unauthorized SUID/GUID System Executables
RHEL7 SSGv0.1 2.2.3 Unauthorized ...
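The check behind that Nessus message is the SSG's `find / -perm -4000 -o -perm -2000` review: every setuid or setgid file is a program that runs with a different identity than its caller, so each one should either be on a reviewed list or have the bit removed. The pkexec question earlier on this page is the same decision in miniature: the interim fix there was to take the setuid bit off /usr/bin/pkexec until a patched package arrived. The block below is an added example, not the Nessus plugin or the benchmark's script: it walks a tree, collects set-id files without following symlinks, and diffs them against an allowlist. The allowlist and the directory tree are constructed for the demo.

```python
"""Find setuid/setgid executables and compare them with an allowlist.

Added example, not from the Nessus check or the SSG benchmark it cites.
The allowlist below is an assumption for the demo, not a vetted baseline;
generate the real one from a clean build of the same image and review it.
"""
import os
import stat
import tempfile
from typing import Dict, List, Tuple

ALLOWLIST: Dict[str, str] = {
    "/usr/bin/sudo": "needs root to switch users",
    "/usr/bin/passwd": "writes /etc/shadow",
    "/usr/bin/su": "needs root to switch users",
}


def scan_setid(root: str) -> List[Tuple[str, int]]:
    """Return (path, permission bits) for regular files under root with setuid or setgid set.

    Symlinks are lstat'ed, not followed, so a link to a setuid binary is not
    double counted and a link pointing outside the tree is not scanned.
    """
    hits: List[Tuple[str, int]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, stat.S_IMODE(st.st_mode)))
    return sorted(hits)


def report_unexpected(hits: List[Tuple[str, int]], allowlist: Dict[str, str], prefix: str = "") -> List[str]:
    """Return the set-id files that are not on the allowlist.

    prefix lets a scan of a mounted image (or the temp tree in the demo) be
    compared with allowlist entries written as absolute system paths.
    """
    unexpected: List[str] = []
    for path, mode in hits:
        logical = path[len(prefix):] if prefix and path.startswith(prefix) else path
        if logical not in allowlist:
            unexpected.append(f"{logical} mode {mode:04o}")
    return unexpected


def demo_tree() -> str:
    """Build a constructed tree: allowlisted binaries, an ordinary one, and two strays."""
    root = tempfile.mkdtemp(prefix="setid-demo-")
    layout = {
        "usr/bin/sudo": 0o4755,
        "usr/bin/passwd": 0o4755,
        "usr/bin/pkexec": 0o4755,      # shipped setuid on CentOS 7; not on our allowlist
        "usr/bin/ls": 0o755,           # ordinary binary, must not be reported
        "opt/tool/helper": 0o2755,     # setgid helper nobody reviewed
    }
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(b"#!/bin/sh\nexit 0\n")
        os.chmod(full, mode)
    return root


if __name__ == "__main__":
    root = demo_tree()
    for line in report_unexpected(scan_setid(root), ALLOWLIST, prefix=root):
        print("REVIEW:", line)
```

Run with root="/" on the real host (as root, so every directory is readable) and an empty prefix; the output is the list the benchmark asks you to justify, and `rpm -qf` on each path tells you which package installed it.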
2 votes, 1 answer, 1k views
Why is autofs insecure?
I am hardening CentOS/RHEL 7.6. The hardening documents recommend disabling the automounter, "unless it is necessary."
Why is autofs such a problem?
One of the benefits of networking is a shared file ...
1 vote, 0 answers, 168 views
Rationale for removing cronie-anacron
My Nessus scanner reports that I need to remove cronie-anacron. What is the rationale for this?
The Nessus output is:
3.3.b(2) Disable Anacron
checking that the anacron RPM package is not ...
2 votes, 0 answers, 516 views
How do I create exceptions on Wazuh (OSSEC)?
I currently have a setup with OSSEC and AIDE running on our servers.
We are currently receiving a daily alert for each agent when AIDE runs and changes audit.log.
I want to make an exception for ...
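Both the SIEM question earlier on this page (which CentOS 7 files deserve watching) and this one (how to stop AIDE's daily audit.log alert) are about the same mechanism: a baseline of hashes and ownership over a chosen file set, a later pass that reports differences, and an exclusion list so that files expected to change (logs, spool directories) do not drown the ones that must not (/etc/passwd, /etc/shadow, /etc/sudoers, /etc/ssh/sshd_config, crontabs, the yum repo files). The block below is an added example, not Wazuh's or AIDE's code, with constructed files in a temp directory: audit.log grows, /etc/passwd gains a UID-0 line and sshd_config becomes world-writable, and only the last two are reported because the log path matches the exclusion glob.

```python
"""Baseline-and-compare file integrity check with an exclusion list.

Added example, not Wazuh's or AIDE's code. The files it hashes live in a
temp directory constructed for the demo.
"""
import fnmatch
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Tuple

Record = Tuple[str, int, int, int]   # sha256 hex, st_mode, uid, gid


def _record(path: str) -> Record:
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return (h.hexdigest(), st.st_mode, st.st_uid, st.st_gid)


def baseline(paths: Iterable[str]) -> Dict[str, Record]:
    """Hash every existing regular file in paths; missing files simply are not recorded."""
    return {p: _record(p) for p in paths if os.path.isfile(p)}


def compare(old: Dict[str, Record], new: Dict[str, Record], exclude: Iterable[str] = ()) -> List[str]:
    """Describe added, removed and changed files, skipping paths that match an exclusion glob."""
    globs = list(exclude)
    findings: List[str] = []
    for p in sorted(set(old) | set(new)):
        if any(fnmatch.fnmatch(p, g) for g in globs):
            continue
        if p not in new:
            findings.append(f"removed: {p}")
        elif p not in old:
            findings.append(f"added: {p}")
        elif old[p][0] != new[p][0]:
            findings.append(f"content changed: {p}")
        elif old[p][1:] != new[p][1:]:
            findings.append(f"mode/owner changed: {p}")
    return findings


def demo() -> List[str]:
    """Constructed drift: expected log growth plus two changes that must be reported."""
    root = tempfile.mkdtemp(prefix="fim-demo-")

    def write(rel: str, data: str) -> str:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write(data)
        return full

    passwd = write("etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
    sshd = write("etc/ssh/sshd_config", "PermitRootLogin no\n")
    os.chmod(sshd, 0o600)                      # fixed starting mode so the later change is visible
    audit = write("var/log/audit/audit.log", "type=SYSCALL msg=audit(1.0:1): ...\n")
    watched = [passwd, sshd, audit]
    before = baseline(watched)

    with open(audit, "a") as f:                # audit.log growing is normal
        f.write("type=USER_LOGIN msg=audit(2.0:2): ...\n")
    with open(passwd, "a") as f:               # a second UID-0 account is not
        f.write("backdoor:x:0:0::/root:/bin/bash\n")
    os.chmod(sshd, 0o666)                      # nor is sshd_config becoming world-writable

    after = baseline(watched)
    return compare(before, after, exclude=[os.path.join(root, "var/log/audit/*")])


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The exclusion is deliberately a path pattern rather than switching the check off: in Wazuh's syscheck the equivalent is an `<ignore>` entry for the log path (or, for files whose growth you still want to see, reporting only attribute changes), which keeps /etc under full monitoring while the daily audit.log noise disappears.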
4 votes, 1 answer, 6k views
Is TLS 1.3 supported in Dovecot 2.3.4 and Postfix 3.3.2?
I would like to configure an email CentOS 7-based server to use TLS 1.3. Currently it uses TLS 1.2 for securing the SMTP and POP3 sessions. For SMTP I use Postfix software and for POP3 I use Dovecot ...
1 vote, 1 answer, 391 views
Is it dangerous to keep permissions at 666 to member file on SELinux?
I just installed SELinux. I read a lot of tutorials but I am not very comfortable with SELinux.
On the CentOS help page, I can see that some files in
/selinux/ are writable by other users: https://www....
0 votes, 1 answer, 128 views
CentOS payload injection attempts? [duplicate]
My PHP logs have been flooding with seemingly random attempts to access scripts and software which isn't installed on my server. At first, all the attempts came from a single IP, I was using ...
2 votes, 1 answer, 324 views
php-fpm.log shows a mass of unusual attempts to open primary script with random filenames [duplicate]
I recently happened to inspect my php-fpm.log and found a lot of suspicious activity that looks like malicious attempts to get access to my host. Here're some of the logs:
[07-Oct-2018 22:01:31] ...
6 votes, 2 answers, 2k views
OpenSSL Certificate Renewal with same keys and NO CSR
I have a Linux-based vendor-supplied virtual appliance that uses OpenSSL to manage certificates. The current server certificate is from Symantec so has to be replaced with a DigiCert. DigiCert is ...
0 votes, 0 answers, 196 views
Disable SSLv3 in IPSec CentOS
I have been told to shut down support for SSLv3, TLS 1.0 and TLS 1.1 in all encrypted communications towards external web services.
Now, I have an IPSec/CentOS gateway in front of my Data Center. How ...
2 votes, 1 answer, 926 views
ModSecurity Rule 973338
ModSecurity blocked access due to the following:
[msg "XSS Filter - Category 3: Javascript URI Vector"] [data "Matched
Data: esrco found within ARGS:as_email:[email protected]"]
[...
5 votes, 2 answers, 505 views
How to build arbitrary Dockerfile Images Without Compromising Host
I'm building a server that will build images directly from Dockerfile:
docker build -t arbitrarydocker .
This docker file will be built on the same server as other client Dockerfiles, which may have ...
0 votes, 3 answers, 458 views
Tor exit node as CentOS mirror
Today we saw traffic going from CentOS servers to a Tor exit node. This caused some raised eyebrows and led us to investigate what was going on.
In the end it turned out that this exit node also acts ...
1 vote, 1 answer, 1k views
How to acquire security advisory for CentOS?
I've been seeing security advisory number like CESA-2017:1842, and after search I could only find some of them in mailing list archives such as this.
Is there a website like https://usn.ubuntu.com or ...
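Whatever source the advisories come from (the CESA mailing list announcements named above, or the RHSA they mirror), using them to check a list of RPMs comes down to the question asked a little earlier on this page: is the installed epoch:version-release older than the fixed one, by rpm's own ordering rather than a string or float comparison (`1.10` is newer than `1.9`, `1.0~rc1` is older than `1.0`, `1.0^git1` is newer than `1.0`). The block below is an added example, not from any scanner, yum or CentOS: a Python port of rpm's rpmvercmp() label comparison, a parser for the `name-version-release.arch` lines `rpm -qa` prints, and a matcher against an advisory table. The package list and advisory table are constructed, and the advisory ids are placeholders, not real CESA numbers. For kernel packages several versions are normally installed at once and only the running one matters, which a package-list check cannot tell.

```python
"""Match installed RPM NEVRAs against an advisory table using rpm's own ordering.

Added example; not from any scanner, yum or CentOS. Package list and
advisory table are constructed, and the advisory ids are placeholders.
"""
import re
from typing import Dict, List, Tuple

EVR = Tuple[str, str, str]   # epoch, version, release


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b (port of rpm's rpmvercmp)."""
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and not a[i].isalnum() and a[i] not in "~^":   # separators are skipped
            i += 1
        while j < lb and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":         # tilde sorts before anything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":         # caret: like tilde, except an ended string is older
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        si, sj = i, j                      # a digit run from both, or a letter run from both
        isnum = ca.isdigit()
        kind = str.isdigit if isnum else str.isalpha
        while i < la and kind(a[i]):
            i += 1
        while j < lb and kind(b[j]):
            j += 1
        sa, sb = a[si:i], b[sj:j]
        if not sb:                         # numeric segment outranks alphabetic segment
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def compare_evr(x: EVR, y: EVR) -> int:
    """Epoch first (numeric), then version, then release, each via rpmvercmp."""
    ex, ey = int(x[0] or 0), int(y[0] or 0)
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_nevra(line: str) -> Tuple[str, str, str, str, str]:
    """Split '[epoch:]name-version-release.arch' or 'name-[epoch:]version-release.arch'."""
    line = line.strip()
    epoch = "0"
    m = re.match(r"^(\d+):(.*)$", line)
    if m:
        epoch, line = m.group(1), m.group(2)
    name, version, rel_arch = line.rsplit("-", 2)   # name may contain '-', version/release cannot
    if ":" in version:
        epoch, version = version.split(":", 1)
    release, arch = rel_arch.rsplit(".", 1)
    return name, epoch, version, release, arch


# Constructed advisory table: id -> [(name, epoch, fixed version, fixed release)].
ADVISORIES: Dict[str, List[Tuple[str, str, str, str]]] = {
    "CESA-0000:0001 (constructed)": [("examplepkg", "0", "1.2.3", "5.el7"),
                                     ("examplepkg-libs", "0", "1.2.3", "4.el7")],
    "CESA-0000:0002 (constructed)": [("othertool", "0", "2.0", "1.el7_9")],
}

SAMPLE_RPM_QA = """\
examplepkg-1.2.3-4.el7.x86_64
examplepkg-libs-1.2.3-4.el7.x86_64
othertool-2.0-1.el7_9.noarch
kernel-3.10.0-1160.el7.x86_64
"""


def find_missing_fixes(rpm_qa: str, advisories: Dict[str, List[Tuple[str, str, str, str]]]) -> List[str]:
    """Report installed packages that sort below an advisory's fixed version."""
    installed: Dict[str, List[Tuple[str, str, str, str]]] = {}
    for line in rpm_qa.splitlines():
        if line.strip():
            name, epoch, version, release, arch = parse_nevra(line)
            installed.setdefault(name, []).append((epoch, version, release, arch))
    findings: List[str] = []
    for adv, pkgs in advisories.items():
        for name, epoch, version, release in pkgs:
            for ie, iv, ir, arch in installed.get(name, []):
                if compare_evr((ie, iv, ir), (epoch, version, release)) < 0:
                    findings.append(f"{adv}: {name}-{iv}-{ir}.{arch} older than fixed {version}-{release}")
    return findings
```

`rpm -qa --qf '%{name}-%{epoch}:%{version}-%{release}.%{arch}\n'` prints the epoch explicitly (as "(none)" when unset, which the parser above does not handle, so map it to 0 first); for a directory of .rpm files, `rpm -qp --qf` with the same format on each file gives the same shape. The advisory table is the part you have to build from the announcements, which is the gap the question above is about.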
0 votes, 1 answer, 1k views
Are there open by default ports with Centos 7's firewalld?
My Centos7 firewalld has TCP ports 8083, 8086, and 5000 open. I don't recall opening them, except for maybe 5000 when first learning about firewalld.
Are there any ports that might come out of the ...
7 votes, 3 answers, 4k views
How secure is ssh key-based authentication
I have a newly installed (and updated) Centos 7 server I use for testing.
I implemented RSA key based authentication for ssh and set PermitRootLogin to without-password
When I logged on this morning ...
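Two things bite people who harden sshd_config by hand, and both apply to the setup described above and to the SOC2 root-access question earlier on the page. First, sshd_config(5) says the first obtained value for a keyword is used, so `PasswordAuthentication no` appended at the end does nothing if an earlier line says yes. Second, everything after a `Match` line belongs to that block until the next Match, so a global setting placed there applies only to matched connections; and with PasswordAuthentication off, `ChallengeResponseAuthentication yes` still lets PAM ask for a password over keyboard-interactive. `without-password` is the pre-7.0 spelling of `prohibit-password`: root may log in, but only with a key; "no" is what a block-root-entirely requirement needs. The block below is an added example, not from the question or from OpenSSH: it reproduces those parsing rules and audits the result against an expected set. The sample config is constructed, and the defaults table is the upstream OpenSSH 7.x behaviour when a keyword is absent, recorded here as an assumption; `sshd -T` prints the effective values on the real host.

```python
"""Audit an sshd_config the way sshd reads it: first value wins, Match blocks aside.

Added example; not from the question or from OpenSSH. The sample config is
constructed and the DEFAULTS table is an assumption (upstream 7.x values).
"""
from typing import Dict, List, Set, Tuple


def effective_sshd_config(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ({keyword: first value} for the global section, [Match header lines])."""
    global_values: Dict[str, str] = {}
    match_blocks: List[str] = []
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)   # sshd accepts "Key value" and "Key=value"
        key = parts[0].lower()                            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True                               # everything below is conditional
            match_blocks.append(line)
            continue
        if in_match:
            continue
        global_values.setdefault(key, value)              # first occurrence wins
    return global_values, match_blocks


# Acceptable values for a key-only server. PermitRootLogin "without-password"
# is the old name of "prohibit-password".
EXPECTED: Dict[str, Set[str]] = {
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
    "permitemptypasswords": {"no"},
    "challengeresponseauthentication": {"no"},
    "permitrootlogin": {"no", "prohibit-password", "without-password", "forced-commands-only"},
}

# Assumed upstream OpenSSH 7.x defaults for absent keywords; confirm with `sshd -T`.
DEFAULTS: Dict[str, str] = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "challengeresponseauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}


def audit_sshd(text: str, expected: Dict[str, Set[str]] = EXPECTED,
               defaults: Dict[str, str] = DEFAULTS) -> List[str]:
    """Report global settings outside the expected set, plus Match blocks for manual review."""
    values, matches = effective_sshd_config(text)
    findings: List[str] = []
    for key, allowed in expected.items():
        value = values.get(key, defaults.get(key, "")).lower()
        if value not in allowed:
            findings.append(f"{key} is '{value or 'unset'}', expected one of {sorted(allowed)}")
    for header in matches:
        findings.append(f"review conditional block: {header}")
    return findings


# Constructed sample with both pitfalls: a late "no" that loses to an earlier "yes",
# and a setting that lives inside a Match block.
SAMPLE_SSHD_CONFIG = """\
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
PermitRootLogin without-password
ChallengeResponseAuthentication no
PubkeyAuthentication=yes
PasswordAuthentication no          # too late: sshd already took "yes" above
Match Address 10.0.0.0/8
    PermitRootLogin no
"""

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD_CONFIG):
        print(finding)
```

For the SOC2 case, pass an expected table with `"permitrootlogin": {"no"}`; note that sshd only controls the network path, and `su`/`sudo su` are a PAM and sudoers matter (pam_wheel and the sudoers audit earlier on this page), not an sshd one.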
1 vote, 1 answer, 2k views
Does anybody know if CentOS have official support for OVAL definitions?
I saw here that CentOS has no official support for OVAL security definitions (patch, vulnerabilities).
Based on what I observe at oval.mitre.org, it looks like they don't even have a vulnerability ...
0 votes, 1 answer, 1k views
Android pinning SSL handshake Exception after SSL renewal of website
I've an Android app with SSL pinning; it was working fine, but after I renewed the SSL certificate it's now throwing an exception
javax.net.ssl.SSLHandshakeException:
java.security.cert....
1 vote, 1 answer, 298 views
Impacts of running "./CA newca" command in /etc/pki/tls/misc/ when CA already exists
After accidentally running "./CA newca" from /etc/pki/tls/misc, I noticed a few files getting updated in /etc/pki/CA, and possibly more. But there weren't any prompts when running the command like ...
5 votes, 1 answer, 2k views
FIPS 140-2 ready linux distribution
We're preparing for FIPS 140-2 project and trying to minimize the effort in the software space.
So - is there FIPS 140-2 ready Linux distribution that you can just install and not even touch the ...
2 votes, 1 answer, 925 views
SELinux related to fips 140-2?
I'm preparing a CentOS based product for FIPS 140-2 level 2 certification and I have gone through the guides on enabling FIPS mode in RHEL distros.
Is SELinux somehow related to FIPS requirements?
...
-1 votes, 1 answer, 230 views
Buffer overflow process in my server(How detect rootkit)? [duplicate]
Today I updated my web server on CentOS 6 and this is what I see in top:
2593 root 20 0 196m 5228 212 S 730.6 0.1 484:18.06 wjeackglrl
8648 bitrix 20 0 399m 85m 7580 R 42.5 2.2 0:23....
2 votes, 1 answer, 194 views
Preventing Website Directory Listing
When my CentOS 7 Apache web server was compromised recently, which hosts multiple sites, a script was uploaded to one of the sites and then used to add files to any other sites on the server that had ...
11 votes, 4 answers, 56k views
Privilege escalation using passwd file
If I have a world writeable /etc/passwd file on a system, how can I escalate my privileges to root? I am currently an underprivileged user. The underlying OS is CentOS 7.2 in case you are wondering
I ...
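The reason a writable /etc/passwd is a straight path to root is in how the file is read: any local user can append a line, the second field is used as the password hash whenever it is not the `x` that defers to /etc/shadow, and nothing stops that line from carrying UID 0. The defensive counterpart is to know what to look for afterwards, and it is what a SIEM rule or integrity check on that file should alert on: the file's mode and owner, extra UID-0 accounts, and entries whose password field is empty or holds a hash inline. The block below is an added example, not from the question or its answers; it parses constructed passwd text (the hash in it is a placeholder, not a real one) and checks permission bits on a temp copy, never on the system file.

```python
"""Spot what an attacker changes in /etc/passwd when the file is writable.

Added example, not from the question or its answers. SAMPLE_PASSWD is
constructed; the hash-looking value in it is a placeholder.
"""
import os
import stat
import tempfile
from typing import List, NamedTuple


class PasswdEntry(NamedTuple):
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd(5) lines; a malformed line is an error, not something to skip quietly."""
    entries: List[PasswdEntry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        entries.append(PasswdEntry(fields[0], fields[1], int(fields[2]), int(fields[3]), *fields[4:7]))
    return entries


def audit_passwd_entries(entries: List[PasswdEntry]) -> List[str]:
    """Flag extra UID-0 users, empty password fields, inline hashes and duplicate names."""
    findings: List[str] = []
    seen = set()
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: UID 0 account other than root")
        if e.passwd == "":
            findings.append(f"{e.name}: empty password field, login needs no password")
        elif e.passwd not in ("x", "*", "!", "!!"):     # anything else is used as the hash directly
            findings.append(f"{e.name}: hash stored in /etc/passwd, /etc/shadow is bypassed")
        if e.name in seen:
            findings.append(f"{e.name}: duplicate user name")
        seen.add(e.name)
    return findings


def audit_passwd_mode(path: str = "/etc/passwd") -> List[str]:
    """Check the permission bits and owner; the expected state is root:root 0644."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings: List[str] = []
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable (mode {mode:04o})")
    elif mode & stat.S_IWGRP:
        findings.append(f"{path}: group-writable (mode {mode:04o})")
    if st.st_uid != 0:
        findings.append(f"{path}: not owned by root (uid {st.st_uid})")
    return findings


# Constructed sample: three normal entries, an added UID-0 user with an inline
# (placeholder) hash, and a user with an empty password field.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:$6$placeholder$notarealhash:0:0::/root:/bin/bash
nopw::1001:1001::/home/nopw:/bin/bash
"""


def demo_mode_check() -> List[str]:
    """Write the sample to a temp file with mode 0666 and audit that copy (never /etc/passwd itself)."""
    fd, path = tempfile.mkstemp(prefix="passwd-demo-")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE_PASSWD)
    os.chmod(path, 0o666)
    return audit_passwd_mode(path)


if __name__ == "__main__":
    for finding in audit_passwd_entries(parse_passwd(SAMPLE_PASSWD)) + demo_mode_check():
        print(finding)
```

`pwck -r` performs the structural part of this check on the live system, and `rpm -V setup` reports when the mode or owner of /etc/passwd differs from what the package installed.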
2 votes, 1 answer, 983 views
What Does This Command Do? Should I be worried?
So I was debugging my code when I see these few lines in my log:
GET /cgi/common.cgi 302 8.015 ms - 23
GET /stssys.htm 302 2.928 ms - 23
GET / 200 134.922 ms - 9896
POST /command.php 302 33.826 ms - ...
0 votes, 1 answer, 543 views
RFI - Is this possible even if you use an Application Server?
Since JBoss is acting as middleware (an Application Server), I was wondering if it's still possible to face File Inclusion attacks (?). The reason I was wondering so is that in such a case, no ...
18 votes, 5 answers, 3k views
Stop large requests to my server (TOR)
I am being attacked right now from Tor nodes which are doing 404 requests to my HTTP server. It is from one IP but when I use the DROP iptables rule, it starts again from another IP in a matter of ...
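The probes in the last few questions (/cgi/common.cgi and /command.php, random .php names in php-fpm.log, 404 floods from Tor exits) look alike once you stop reading the individual paths: one client, many requests in a short window, mostly 404s for files the site never had. php-fpm's log has no client address, so the place to correlate is the web server's access log. The block below is an added example, not from any of the questions: it parses combined-format access log lines, scores each client by 404s in a sliding window, and emits the `firewall-cmd` rich rules that drop the offenders. Because a Tor client simply moves to the next exit when one address is dropped, it also checks offenders against an exit-node list and, when one matches, emits an ipset that blocks the whole list instead. The log lines, thresholds, exit list and the path of the exit-list file are all constructed for the demo.

```python
"""Pick scanners out of a web access log and turn them into firewalld rules.

Added example, not from any of the questions. Log lines, thresholds, the
exit list and the exit-list file path are constructed for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List, Optional, Set

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: 203.0.113.7 sweeps known webshell/router paths, 198.51.100.4 browses normally.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2018:22:01:31 +0000] "GET /cgi/common.cgi HTTP/1.1" 404 209 "-" "curl/7.61.0"
203.0.113.7 - - [10/Oct/2018:22:01:31 +0000] "GET /stssys.htm HTTP/1.1" 404 209 "-" "curl/7.61.0"
198.51.100.4 - - [10/Oct/2018:22:01:32 +0000] "GET / HTTP/1.1" 200 9896 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2018:22:01:32 +0000] "POST /command.php HTTP/1.1" 404 209 "-" "curl/7.61.0"
203.0.113.7 - - [10/Oct/2018:22:01:33 +0000] "GET /x7f3k.php HTTP/1.1" 404 209 "-" "curl/7.61.0"
203.0.113.7 - - [10/Oct/2018:22:01:33 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "curl/7.61.0"
198.51.100.4 - - [10/Oct/2018:22:01:40 +0000] "GET /missing.png HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2018:22:02:05 +0000] "GET /about HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2018:22:45:00 +0000] "GET /shell.php HTTP/1.1" 404 209 "-" "curl/7.61.0"
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; None for lines that do not match (e.g. truncated)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_scanners(lines: Iterable[str], threshold: int = 5, window_seconds: int = 60) -> Dict[str, int]:
    """Return ip -> peak number of 404s inside any window_seconds window, for ips at or over threshold."""
    recs = [r for r in (parse_line(l) for l in lines) if r is not None]
    recs.sort(key=lambda r: r["time"])
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    for r in recs:
        if r["status"] != 404:
            continue
        q = windows[r["ip"]]
        q.append(r["time"])
        while (r["time"] - q[0]).total_seconds() > window_seconds:   # drop hits that fell out of the window
            q.popleft()
        peak[r["ip"]] = max(peak[r["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def firewalld_commands(offenders: Dict[str, int], exit_nodes: Set[str],
                       exit_list_file: str = "/etc/firewalld/tor-exits.txt") -> List[str]:
    """One drop rule per plain scanner; an ipset over the whole exit list if any offender is a Tor exit.

    exit_list_file is an assumed path holding one address per line (the
    published exit list, fetched separately). Dropping a single exit only
    moves the traffic to the next one, so the list is blocked as a unit.
    """
    cmds: List[str] = []
    tor_seen = False
    for ip in sorted(offenders):
        if ip in exit_nodes:
            tor_seen = True
            continue
        cmds.append(f"firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"{ip}\" drop'")
    if tor_seen:
        cmds += [
            "firewall-cmd --permanent --new-ipset=tor-exits --type=hash:ip",
            f"firewall-cmd --permanent --ipset=tor-exits --add-entries-from-file={exit_list_file}",
            "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source ipset=\"tor-exits\" drop'",
        ]
    if cmds:
        cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    offenders = find_scanners(SAMPLE_LOG.splitlines())
    for cmd in firewalld_commands(offenders, exit_nodes={"203.0.113.7"}):   # constructed exit list
        print(cmd)
```

Treat the generated commands as a review queue rather than piping them straight into a shell: a CDN, a corporate proxy or a monitoring service can produce the same 404 burst, and a wholesale Tor block is a policy decision about legitimate anonymous readers, not just a filter.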