‘Blog operators are like snipers’ > my comment

‘Blog operators are like snipers’


KUALA LUMPUR: Datuk Shaziman Abu Mansor yesterday challenged operators of forum sites or blogs who hide behind pseudonyms to come forward and debate openly on various current issues.

The Deputy Minister of Energy, Water and Communications said the actions of groups that criticise certain parties, including the government, but refuse to reveal their real identities are like those of snipers.

He said such groups should stop this futile and irresponsible work.

“Not hiding behind irresponsible blogs or websites,” he said in reply to a supplementary question from Dr Tan Seng Giaw (DAP-Kepong) in the Dewan Rakyat yesterday.

Tan had asked the government to curb the actions of irresponsible parties who misuse the Internet for bad purposes.

Shaziman said the government in principle has no legal provision for controlling the internet, including forum sites and blogs, or for restricting Internet use, following the Communications and Multimedia Act 1998 and the Multimedia Super Corridor (MSC) guarantee.

"In that regard, I hope for the wisdom of the people in judging the veracity of the various issues being hyped on the internet.

“We can monitor by registering all blogs or websites in our country, but let us not forget, our people can still register their blogs abroad,” he said, describing the matter as something that happens not only in Malaysia but all over the world and is hard to curb.

Replying to the original question from Chong Eng (DAP-Bukit Mertajam), Shaziman said the government maintains the principle of letting television station operators carry out their own screening processes and does not intend to tighten controls on local television news broadcasts and programmes.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MY COMMENT :

1 - Websites were never blocked during the reformasi era, because blocking a website is impossible if it is published from a server abroad (not that I support reformasi); it's just that freedom of speech through websites is, to me, an individual right.

2 - BLOGGERS are also like writers, they will use pseudonyms, so the "sniper" label being thrown around is very inappropriate - what about daily newspaper/gossip writers?

3 - quote from the news above - "In that regard, I hope for the wisdom of the people in judging the veracity of the various issues being hyped on the internet." : yes, Malaysians are all smart, so why worry if the news is not true and not valid

4 - "We can monitor by registering all blogs or websites" - if it is hosted in Malaysia, sure, but this is the IT world, it's global, be realistic

5 - no comment on stupid comment i heard lately regarding blog lah, internet lah etc.

p/s: my grandfather's advice: don't be afraid of your own shadow, or we ourselves will end up panicking :)

Solaris Hardening Checklist

Solaris Security Hardening Checklist


  1. Was OS loaded from an official Solaris CD?
  2. Are partitions large enough to accommodate patches and upgrades?
  3. Was Tripwire used to baseline the system before connecting it to a network?
  4. Is the system at the current patch level?
  5. Are there 2 system back ups? One on site, one off site?
  6. Is OpenBoot Security level set to command or full?
  7. Has OpenBoot banner been changed?
  8. Has screen autolock been turned on?
  9. Does the system implement Filesystem Quotas?
  10. Does the system have a complex permissions scheme? If so, have ACLs been implemented?
  11. What files/directories have SetUID bit turned on?
  12. Are any files with SetUID bit turned on shell scripts?
  13. Is there a group password that must be used with the newgrp command?
  14. Is root umask set to 077 or 027?
  15. Check system device permissions
  16. Use ASET, COPS, Tiger, Tripwire and lsof to audit filesystem.
  17. Make sure no files in /etc are group or other writeable
  18. Make sure /var/adm/utmp and /var/adm/utmpx are 644
  19. Has ls command been aliased to show hidden files?
  20. Has rm command been aliased to ask for verification?
  21. Have filesystem inode numbers been randomized?
  22. Have daemon, lp, bin, sys, adm, uucp, nuucp, listen, nobody, and noaccess accounts been locked?
  23. Have sysadmin and sys groups been locked?
  24. Do any PATH or LD_LIBRARY_PATH statements contain “.”?
  25. Are permissions on /etc/passwd -rw-r--r--?
  26. Are permissions on /etc/shadow -r--------?
  27. Check /etc/default/passwd to ensure password aging and length.
  28. Use grpck to check consistency of /etc/group
  29. Are permissions on /etc/group -rw-r--r--?
  30. Can root log in from console only?
  31. Is su available only to admins?
  32. Are all su attempts logged?
  33. Is system name part of shell prompt for root and other admins?
  34. Has /etc/system been configured to prevent stack-based buffer overflows?
  35. Check /etc/default/cron and crontab files.
  36. Ensure that proper /etc/cron.d/cron.allow and cron.deny files are set up.
  37. Check /var/spool/cron/atjobs file.
  38. Ensure that proper /etc/cron.d/at.allow and at.deny files are set up.
  39. Make sure that scripts and programs launched by cron are readable only by owner.
  40. Are failed login attempts logged to loginlog?
  41. Is ip_forwarding turned off if machine is not used as a router?
  42. Has logcheck auditing tool been installed and used?
  43. Is the system configured to ignore redirects?
  44. If system is not used as a router, is ip_forward_directed_broadcasts turned off?
  45. Is ip_forward_src_routed turned off?
  46. Is root the only user with execute privileges for snoop?
  47. Has auth (identd) been disabled at the firewall by blocking TCP and UDP port 113?
  48. Is sendmail daemon running on a system that is not a mail server?
  49. Has /etc/mail/sendmail.cf been configured to prevent message source routing?
  50. Does only the print service have write access to the print device?
  51. Are only needed services running?
  52. Has inetd tracing been turned on?
  53. Have TCP Wrappers been implemented?
  54. Make sure there is not a /etc/hosts.equiv file unless absolutely necessary.
  55. Has Secure Shell (ssh) been installed?
  56. Has anonymous ftp been turned off?
  57. Has ftpd logging been turned on for logging and debugging?
  58. Have root, uucp, and bin been added to /etc/ftpusers file to prohibit ftp connections?
  59. Has tftp been turned off?
  60. Is a GUI installed only on necessary systems?
  61. Is there any type of Intrusion Detection System installed?
  62. Has Diffie-Hellman or Kerberos Authentication been configured?
  63. Has IPsec been implemented?
  64. If DNS is used, has a Split-Horizon DNS architecture been implemented?
  65. If DNS is used, has BIND version been configured to stop illicit zone transfers?
  66. Is the latest version of BIND being used?
  67. If NIS is used, have NIS maps been moved out of /etc directory?
  68. If NIS is used, does root user have the only read and write access to /var/yp directory?
  69. Is NIS domain name different from DNS domain name?
  70. If NIS is used, has /var/yp/securenets been implemented to make NIS maps available only to specific networks or systems?
  71. Are NIS clients bound to specific servers?
  72. Use rpcinfo -b option to detect illicit NIS servers.
  73. If NIS or NIS+ is used, does nsswitch.conf specify “passwd: hosts nis” or “passwd: hosts nisplus” to keep root account local?
  74. If NIS+ is used, ensure that there are no rights for “nobody” using niscat command.
  75. If NIS+ is used, does “nobody” have access rights?
  76. If NIS+ is used, is security level set to at least 2?
  77. If NIS+ is used, is it administered with admintool?
  78. Are all NIS+ tables backed up daily?
  79. Are NIS+ transactions flushed daily?
  80. Has nscd caching been disabled?
  81. If NFS is used, have systems that can mount an NFS directory been restricted with the share command in /etc/dfs/dfstab?
  82. Are permanent NFS client mounts set up in /etc/vfstab?
  83. Has NFS Portmon been set in /etc/system?
  84. Are any servers NFS clients?
  85. Have indirect automounter maps been set up?
  86. Is automounter browsing disabled on NFS clients?
  87. Have all services been commented out of /etc/inetd.conf?
  88. Are permissions on sulog and loginlog set to 640?
  89. Has /etc/issue file been created to display warning banner for telnet logins?
  90. Has /etc/default/login been set so that root cannot telnet into the system directly?
  91. Has /etc/default/telnetd been configured to remove the OS banner?
  92. Has /etc/default/ftpd been configured with a warning banner?
  93. Has the wheel group been created and su command in both /usr/bin/su and /sbin/su.static limited to it?
  94. Have permissions on .rhosts, .netrc, and /etc/hosts.equiv been set to 0?
  95. Have TCP initial sequences been randomized by setting TCP_STRONG_ISS=2 in /etc/default/inetinit?
  96. Has ulimit been set to 0 in the system profile to restrict core file generation?
  97. Are there any unnecessary world writeable files?
  98. Do all users have a password set in /etc/shadow?
  99. Does each user have his/her own account and not a shared account?
  100. Does each user have a unique UID?
  101. Has CD-ROM drive been removed from servers after initial installation?
  102. Is SetUID disabled on local and remote disk partition mounts?
  103. Are any guest or default accounts on the system?
  104. Have all inactive user accounts been removed?
  105. Do only authorized users have write access to any bin or lib directories?
  106. Check for all . directories and ensure their validity.
  107. Have ICMP type 17 packets (MASKREQ) been blocked at the router or firewall?
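
The shell functions below are an added example, not part of the original checklist: they run read-only checks for items 11, 12, 17, 24-26, 29, 98 and 100 using only ls, find, dd, cut, sort, uniq and awk. The function names and the sample tree built by make_fixture are constructed for this example, and a POSIX shell is assumed (on Solaris 10 that means /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example: read-only checks for checklist items 11, 12, 17, 24-26, 29, 98, 100.
# Each function takes the path to inspect, so it works on / or on a test tree.

# Item 24: succeed if a PATH-style string contains "." or an empty element
# (the shell also resolves an empty element to the current directory).
path_has_dot() {
    [ -n "$1" ] || return 1
    case ":$1:" in *:.:*|*::*) return 0 ;; *) return 1 ;; esac
}

# Items 25, 26, 29: compare a file's ls-style mode string with the expected one.
mode_is() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "$2" ]
}

# Item 17: list files under a directory that are group- or other-writable.
writable_by_others() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Items 11, 12: list SetUID files and flag the ones that start with "#!".
setuid_report() {
    find "$1" -type f -perm -4000 -print 2>/dev/null | while IFS= read -r f; do
        if [ "$(dd if="$f" bs=2 count=1 2>/dev/null)" = "#!" ]; then
            echo "SCRIPT $f"
        else
            echo "BINARY $f"
        fi
    done
}

# Item 100: print UIDs used by more than one line of a passwd-format file.
duplicate_uids() { cut -d: -f3 "$1" | sort -n | uniq -d; }

# Item 98: print accounts with an empty password field in a shadow-format file.
empty_passwords() { awk -F: '$2 == "" { print $1 }' "$1"; }

# Constructed sample tree (not a real system) so the checks can be tried offline.
make_fixture() {
    d=$(mktemp -d) && mkdir "$d/etc" "$d/bin" || return 1
    printf 'root:x:0:0::/:/sbin/sh\nalice:x:100:10::/home/alice:/bin/sh\ntoor:x:0:0::/:/bin/sh\n' > "$d/etc/passwd"
    printf 'root:HASH:::::::\nalice::::::::\n' > "$d/etc/shadow"
    printf '#!/bin/sh\nexit 0\n' > "$d/bin/helper.sh"
    chmod 644 "$d/etc/passwd"; chmod 400 "$d/etc/shadow"; chmod 4755 "$d/bin/helper.sh"
    echo "$d"
}
```

On a real host the same functions take the live paths, for example `mode_is /etc/shadow -r--------` or `setuid_report /usr`, and any line the list functions print is a finding to review.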
P/S: SAVE FOR MY REFERENCE

:- STARTING TODAY I'LL INCLUDE MOOD OF THE DAY (MOTD), NOT MESSAGE OF THE DAY (MOTD) LIKE THE ONE THAT RESIDES IN UNIX SYSTEMS :)

MOTD : :-)

Open Letter to CITY

More and more creative people in Malaysia, this is one example haha so funny, read the rest:

To the Groom, Congratulations on your upcoming wedding. All of us friends offer our congratulations and wish you happiness, may the marriage be a lasting one, and God willing we will attend your ceremony.

However, having taken note of the level of disgust among Malaysians at media reports about the wedding preparations of several local ‘celebrities’ that will soon take place, we are pleased to suggest that you and your wife-to-be not get caught up in improper matters such as the following:

(1) If you plan to hold the wedding at convention centres such as the Kuala Lumpur Convention Centre, we hope you can give consideration to road users around the venue. We very much hope that you will not block or divert traffic, especially when you hold the full wedding rehearsal on days and at times when people are busy going to or coming back from work.

(2) We have no objection if you and your wife dream of a “Cinderella”-style wedding. Any couple is also entitled to choose themes such as “Beauty and The Beast”, “Snow White & The Seven Dwarfs”, “Happy Happy Puffy Amy Yumi”, “PowerPuff Girls”, “Courage The Cowardly Dog”, or even “Basic Instinct” or “XXX”, err, I mean, “X-Men”. We only ask for your kindness in not describing your dream at length in the newspapers, for example the seven-layer wedding gown (isn't it hot?), the seven-tier cake with stairs, riding a seven-wheeled horse carriage and so on. Indeed, in an age when we need to conserve the environment, it is very inappropriate that many trees have to be sacrificed to be processed into newsprint, only to be printed with fantasy stories like that.

(3) It is also suggested that you and the bride's side of the family, mainly the parents-in-law, do a “message alignment” so as not to issue contradictory statements on matters such as the hantaran (wedding gift money). Indeed we have no objection about the amount of the hantaran, whether RM88,888.88 or RM22,222.22 or RM00,000.00, and also do not care at all whether it is paid in Ringgit Malaysia, Indonesian rupiah or by credit card. What matters is that you and your wife are safely solemnised in accordance with syariah.

(4) If you and your wife are lucky enough to receive an offer from any television station to broadcast your ceremony live on TV, we very much hope you will inform that television station not to cancel other more important and meaningful programmes such as EPL, CSI, and Formula 1.

We also congratulate you if, to meet the demand of a handful of your fans, you need to hold additional wedding ceremonies in Indonesia, Inner Mongolia, Swaziland, Burkina Faso or Solomon Islands, but we would be very very very grateful if you would inform all television stations in Malaysia not to broadcast your wedding all the time, including during Berita Perdana. Luckily Akademi Fantasia is already over.

Otherwise, the AF Final round would surely have to be postponed just to broadcast your wedding. Wouldn't that affect the income of the country's telecommunications companies (Maxis, Celcom, Digi), and in turn lead to economic decline?

Your and your wife-to-be's kindness in giving fair and due consideration to the appeal of ordinary folk like us is most welcome, and is preceded by our highest appreciation and a million thanks. May your marriage be blessed by Allah s.w.t. Aaaamin.

Happy being Newlyweds (without troubling other people)!

Respectfully, Siti K.

p/s: Another joke commonly heard ever since she's been about to get married is about Tiara, City and Serena :D

Solaris10 cool command

Fibre Channel device management command

In Solaris 10 there's one command that will help you get all the info about your FC (fibre channel) devices, unlike in Solaris 8 or Solaris 9, and it's called fcinfo:

fcinfo - Fibre Channel HBA Port Command Line Interface

SYNOPSIS

fcinfo hba-port [-l] [HBA_port_WWN…]
fcinfo remote-port [-ls] [-p HBA_port_WWN] [REMOTE_port_WWN…]
fcinfo [-V]
fcinfo [-?]

DESCRIPTION

fcinfo is a command line interface that collects administrative information on fibre channel host bus adapter (HBA) ports on a host. It also collects data on any fibre channel targets that may be connected to those ports in a Storage Area Network (SAN).

Example:


# fcinfo hba-port

HBA Port WWN: 210000e08b074cb5
OS Device Name: /dev/cfg/c1
Manufacturer: QLogic Corp.
Model: 375-3108-xx
Type: N-port
State: online
Supported Speeds: 1Gb 2Gb
Current Speed: 2Gb
Node WWN: 200000e08b074cb5


BTW, in Solaris 8/9, if you want to get info for an FC device, a few commands are involved:
cfgadm -alv, luxadm -r port, luxadm probe, prtpicl or prtconf, and grep for your card's target
no. in dmesg and /var/adm/messages

P/S: Solaris 10 - why don't they want to use it? There are so many shortcut commands in there :)

How do I configure sendmail not to use DNS?

Boloq woq'

How do I configure sendmail not to use DNS?

Why don't we want DNS?
In situations where you're behind a firewall, or across a dial-up line, there are times when you need to make sure that programs (such as sendmail) do not use the DNS at all. Or I want to do an email relay but I don't want to set up my machine as a local DNS server.

And note that you'll need to forward all your outbound mail to another machine as a "relay" (one that does use DNS, and understands how to properly use MX records, etc...), otherwise you won't be able to get mail to any site(s) other than the one(s) you configure in your /etc/hosts file (or whatever). The use of a smart host is one way to do this; the following in your .mc will do:
define(`SMART_HOST', `name.of.smart.host')dnl
Also, starting with 8.9, it may help to include the following in your .mc file:
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`accept_unqualified_senders')dnl
And starting with 8.12, changes to submit.cf are required as well; the following in your submit.mc can minimize the problem:
define(`confDIRECT_SUBMISSION_MODIFIERS', `C')dnl

HOWEVER, I don't know which version of sendmail THIS one also applies to, I'm not very sure, but it works

Put this entry in /etc/mail/mailertable file
hostname {esmtp}:domain

DONE!!!!!!!!!!!!!!!!!!!!

p/s: Boloq Woq' in the spoken Terengganu dialect means messy/tangled/disorganised

:D that's not what I meant, though..................



PETRONAS

Damn....... I don't want to buy their primax3 fuel anymore, it doesn't even go very far :(

Damn You Dirty Apes

Israel