Redirected stderr to /dev/null to silence output of `cryptsetup status /swap.img`
This was causing error output from my cron script.
Otherwise, if the swap file is not encrypted then the following error will be printed:
`Device swap.img not found`
SSH also supports host based authentication. In contrast to the totally
insecure rsh, the hostnames are checked cryptographically. The
authorization checks are still done with the same syntax as with rsh.
In addition to the old rhosts/rlogin (and eqviv) file, SSH adds the
slogin file. This must not be writable as well, as attackers could
elevate their privileges.
The old rsh (remote shell) grants access to users and hosts in the files
/etc/hosts.equiv and ~/r(login|hosts). If attackers can write to those
files, he can logon as a different user or even root (in case of roots
.r(login|hosts) only) to the system. While the rsh daemon usually checks
for non-root owners or write permissions, this may not be the case on
any system.
Those files might affect other services as well (rlogin, rcp, ...).
As hostnames and usernames are not verified securely, the use of rsh and
similar commands discouraged. It may still be in use on legacy systems
even today, so it should be secured as much as possible if not possible
to remove/replace.
When KRNL-5728 locates the kernel config it does not properly set LINUXCONFIGFILE
if config is found as /proc/config.gz. This causes KRNL-5730 to fail due to missing prereqs,
despite a kernel config existing.
Signed-off-by: Jeremias Cordoba <js.cordoba8321@gmail.com>
Check also certificates in DER (*.cer, *.der) format. Add
/etc/refind.d/keys to list of certificate paths.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
