Symfony security: useful methods for the view
Check if user is logged in:
$sf_user->isAuthenticated()
Check if user belongs to a specific group:
$sf_user->hasCredential('admin')
Check if user is logged in:
$sf_user->isAuthenticated()
Check if user belongs to a specific group:
$sf_user->hasCredential('admin')
def random_password(size=8)
chars = (('a'..'z').to_a + ('0'..'9').to_a) - %w(i o 0 1 l 0)
(1..size).collect{|a| chars[rand(chars.size)] }.join
end
See who has been trying to login using SSH:
cat /var/log/secure*|grep smtp|awk -F: '{print $5}'|sed 's/^.*from=//; s/\.[0-9]\{1,3\}$//;'|sort|uniq -c|sed 's/^ *//;'|sort -gnr|more
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8
cp /etc/securetty /etc/securetty_bak
cp /dev/null /etc/securetty
usermod -G wheel youruser
Change the group affiliation of the su command, and make it remain setuid as root and executable only by group wheel members:
chgrp wheel /bin/su
chmod 4750 /bin/su
Test to verify that members of the group ‘wheel’ can use su to become root.
rm -fR /var/tmp
ln -s /tmp/ /var/
Create a 500Mb partition for /tmp
cd /dev; dd if=/dev/zero of=tmpMnt bs=1024 count=512000
/sbin/mke2fs /dev/tmpMnt
Backup the old tmp folder
cp -Rp /tmp /tmp_backup
Mount the new tmp filesystem
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
chmod 1777 /tmp
Move the files back into tmp
cp -Rp /tmp_backup/* /tmp/
Add this to /etc/fstab so /tmp is mounted on startup:
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
And check that the shm line in /etc/fstab looks like this:
none /dev/shm tmpfs noexec,nosuid 0 0
Unmount and remount /dev/shm
unmount /dev/shm; mount /dev/shm
Remove the /tmp backup if everything looks okay
rm -fR /tmp_backup
chmod 700 /usr/bin/rcp
chmod 700 /usr/bin/wget
chmod 700 /usr/bin/lynx
chmod 700 /usr/bin/scp
chmod 700 /usr/bin/GET
chmod 700 /usr/bin/gcc
chmod 700 /usr/bin/cc
yum remove samba
ServerSignature Off
ServerTokens Prod
query-source address * port 53
Add a line directly underneath with
version "Named";
