Questions tagged [security]

Security is not a product, but a process.

Filter by
Sorted by
Tagged with
0
votes
0answers
28 views

Run nmap in a Docker container as a non-admin user

I'd like to run the Nmap tool in a Docker container but not with the default root user account. I already set the (hopefully) right capabilities via setcap. Unfortunately, I get only the "...
0
votes
0answers
22 views

Found errorEE.aspx Web Shell in Exchange 2016 auth folder

So recently Microsoft published this document: https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ They mention a web shell called errorEE.aspx and when I checked my ...
1
vote
0answers
49 views
+50

TLS 1.3 support for Windows Server 2019

Is TLS 1.3 supported on windows server 2019? I found a documentation from microsoft but for some reason the matrix doesn't include server 2019: https://docs.microsoft.com/en-us/windows/win32/secauthn/...
0
votes
0answers
30 views

How can you audit (7x24) which process is performing a given DNS query?

The inner router in my home network (an Asuswrt based router), the one most of my home devices are connected to, has Suricata installed. Among other things, it checks DNS queries and flags those that ...
0
votes
1answer
18 views

How would I set up Debian 10 and Postfix security for a limited send-only email setup?

I (me and my wife) run a small Debian 10/Buster web server with a few websites for friends and need to set up outgoing email. I've got to the point where I can send emails from the command line (echo &...
0
votes
1answer
76 views

How to set up a secure system to allow only specific clients to access specific services on a server?

Preface Please bear with me if I use incorrect terminology or don't express the problem too well since I'm not an expert on system administration/server maintenance. Let me know/correct me if I do so ...
20
votes
5answers
3k views

Does DKIM alone not solve the spam issue? Why do I need SPF?

FINAL EDIT : I was completely wrong about DKIM it seems, the signing domain does not have to be the same as the sender domain, thus the whole premise for my question is flawed. A lot of thanks to Paul ...
0
votes
1answer
40 views

It seems that a robot is creating a lot of user accounts on my website

I am working on an e-commerce website... there is a bot that keeps creating new users on our website... All the users belong to allmelbet.com and all of them have exactly the same first name and last ...
-3
votes
0answers
20 views

access for only google services to private site [closed]

I have a site which have access from internet over static ip. And im a little paranoid and scare that something or some hackers can scan and found my site. Im not new in it and configured https, two ...
0
votes
1answer
67 views

Should I be concerned about attackers spraying for vulnerabilities on our webserver?

I'm running a webserver with monitoring software (Sentry.io) and I can see (failed) hits to the following endpoints: GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php GET /console/ POST /api/...
0
votes
1answer
14 views

Connect to production database on vps from local dev environment

I am using a Ubuntu 20.04.1 LTS VPS with a deployed Laravel Framework 6.20.16 application. I am currently connecting to my mysql database via ssh using dbeaver, using simply [email protected]_Address and my ...
0
votes
0answers
16 views

Limit docker rights

I am planning to give users access to docker. But I want to limit their rights, by limiting by example no priviledged no mount of /dev no mount of folder if they don't have the rights (is this list ...
0
votes
1answer
30 views

Azure Global Admin without Office 365

My company has both Azure AD and Office 365, and I am a Global Admin. I'm trying to release my Office 365 permissions as I don't need those, but I still need full administrative control over Azure as ...
0
votes
0answers
8 views

Is there any command in Debian and Ubuntu similar to Red Hat sudo yum updateinfo list cves?

in Red Hat, I'm used to: Check which cve currently affect the system and the severity: sudo yum updateinfo list cves Get more details about that CVE: sudo yum updateinfo <CVE_NAME> Install all ...
0
votes
1answer
34 views

Is there any tool or service for checking your server's version and detect vulnerabilities and patches?

I am looking for a tool or something like a server/control panel that can list all the infrastructure I am using and its version (i.e. Redis Server version 6.4.x). It would be useful in order to get a ...

15 30 50 per page
1
2 3 4 5
437