- Open Event View with eventvwr.exe
- Open Applications and Services Logs\Microsoft\Windows\CAPI2 directory
- Right Click on CAPI2 and Enable Log
August 30, 2016
August 24, 2016
You can list your private certifacates on Windows with SunMSCAPI.
And to list trusted CA certs.
You can list your certificates on smart card with keytool and PKCS11
And in token.config you specify you PKCS#11 implementation.
On Windows it will be a DLL.
August 17, 2016
August 15, 2016
Everything in firewalld are organized in zones.
|--list-all-zones||List everything for every zones.||--get-active-zones||Print currently active zones altogether with interfaces and sources used in these zones.|
|--get-default-zone||Print default zone for connections and interfaces.|
|--set-default-zone=<ZONE>||Set default zone for connections and interfaces.|
||Bind source to zone.|
||Unbind source to zone.|
||Bind interface to zone.|
||Bind interface to different zone.|
Comments for zones from RHEL 7 Security Guide Using Firewalls.
|public||For use in public areas. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.|
|external||For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.|
|dmz||For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.|
|work||For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.|
|home||For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.|
|internal||For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.|
|trusted||All network connections are accepted.|
Below are commands to alter firewall. All command are only added in runtime and first adding options --permanent while it be written to disk and made permanent.
|--get-services||List all predefined services.|
||Open/allow traffic to service.|
||Remove/deny traffic to serice|
||Open/allow traffic on port and protocol.|
||Remove/deny on port and protocol.|
|--reload||Reload persistent rules from /usr/lib/firewalld/ and /etc/firewalld/.|
August 12, 2016
August 11, 2016
If you receive error message in Firefox:
"SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."
You first want to patch this server for logjam TLS vulnerabilities (CVE-2015-4000) and if it is a Java based container you also want to set -Djdk.tls.ephemeralDHKeySize=2048.