I want to change my user name, pretty my replace my user name completely so that it is reflected all around the OS. What is the less dangerous and most secure way to do it? I guess I can create a new user copy stuff all over but if there is an easier way I am going to prefer it.
View 7 Repliesperform below activities please guide how to do perform below activities.Make sure the Guest account is disabled or deleted.-Disabled or deleted anonymous accessSet stronger UserID policiesSet Key Sensitive UserID Default enable in linuxCombination of numbers, letters and special characters (*,!,#,$,etc.)
Status of UserID
Type
User Name
[code]....
I have been put on the task of changing the passwords of two user accounts on one of our debian boxes at work. The problem is that the current passwords are unknown, and I only have SSH access to the machine.
Is there anything I can do?
I thought about simply creating two new users and removing the old, but that may not be an option.
I need to configure software as debian image to work on server. I need to create user who is not root, but being able to change IP (I don't know if administrators who will install my image need to give static IP to it, so I want to create special user role for them being able to change IP but not able to see some restricted folders in the image).
View 2 Replies View Relatedwe are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key ? our servers are hosted remotely by a hosting service. we were wondering which of these two models are more secure.e.g. i would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer.however, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be change to accommodate logging in but they don't endorse it).
View 3 Replies View RelatedI want to make a simple script so that the user can easy change the runlevels.
The script should prompt the user to choose the new runlevel, run the /sbin/init program and receive a confirmation message.
Howto change user password in live usb-hdd?[URL]you need to copy the
/usr/share/initramfs-tools/scripts/live-bottom/10adduser your build folder:
mkdir -p config/chroot_local-includes/usr/share/initramfs-tools/scripts/live-bottom/
cp /usr/share/initramfs-tools/scripts/live-bottom/10adduser config/chroot_local-includes/usr/share/initramfs-tools/scripts/live-bottom/
[code]....
I followed these steps to add a client to my active directory domain, everything is working as expected except that when a username has whitespace it creates a directory in /home with whitespace and gconf fail to access his config dir in the user's home. KDE also fails to start but I don't know what's failing yet. I found that the easiest way to fix these issues is to replace whitespaces by underline in homepaths so I changed the pam_mkhomedir source to replace the whitespaces and save it using the usermod command. It should work but is not... the reason is that I can't change the user data using the usermod because domain users are not in /etc/passwd.
View 5 Replies View RelatedI am wanting to try to change my normal user (bbq) to a different screen size within my secondary user (lfs). I was wondering how one would do that.
This happened when OpenClonk changed my screen resolution and when i changed it back my screen blacked out (and me being the idiot save it).
Debian 8 GNOME
Also (a bit unrelated) could a video card problem cause a user to log out? I have been having some severe problems with my monitor and I am thinking it is th video card. Sometimes when I am starting a program my monitor will lose connection to my computer (HDMI signal not found) and I will either have to wait a few seconds and it will turn on or it will just stay blacked out.
I want to restrict a user accessing my ftp site.
1) i can block the user in ftp configuration file
2) i can block the user in PAM or /etc/host.deny
i heard that if pam is denying the user and ftp is allowing the user the user can get the access it means that ftp conf file is stronger than host.deny
I'm trying to alter the usb install so that I have a user with a password. Being careful I created a new user, added them to the admin group and tried to login.
View 1 Replies View RelatedI am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication ? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but i can still log in using the plain username and password login.
View 2 Replies View RelatedI use a secure connection to reach company network from outside. There's a client application "Juniper network", which creates the secured tunnel to a company network. However, the connection never survives more than 8 seconds, when it goes disconnected with the message "Route monitor alarm". From my recent search for a solution I've found that this error is caused by a change in a route table, which violates a connection policy.
"This disconnect is typically triggered by a change in the routing table of the client machine, the change is such that the split tunnel policies defined by the administrator will be violated" - from [URL]
This is how a routing table looks before, during and after the connection attempt:
Code:
[vs@dilbert network-scripts]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 * 255.255.255.255 UH 0 0 0 ppp0
xxx.xxx.xxx.0 10.64.64.64 255.255.255.255 UGH 0 0 0 ppp0
[Code].....
I've setup Kerberos and OpenLDAP servers (9.10) similar to the official documentation (and other sites that fill in the "gaps"). However, when you start to get in to some of the details, there seem to be many options - and I guess I'm looking for what could be the defacto standard. I'd like to allow Ubuntu clients to have a sso capability, with the ability for local caching of passwords if not connected to the network (such as a laptop user away from the office, prior to a VPN). I'd like to automount a secure NFS share somewhere in the /home directory. If the user logs in to a computer they've not logged in to before (if they're authorized), it would be nice if a skeleton /home directory could be setup there automatically I'm guessing that it is not desirable to use a shared /home NFS - as if you're off the network this would be problematic - as well as multiple computers sharing the same /home. There are some benefits to a shared /home (SSH certs, etc.), so maybe there is a hybrid approach out there.
I've read that it's not necessarily good practice to have OpenLDAP to do the authentication (leave this to Kerberos), but it's fine for authorization (such as ACLs for logins to certain computers). It's also good practice to use TLS with OpenLDAP (which requires public certs on all the clients) and to not allow anonymous read to the directory. I would guess that a computer host keytab could be refreshed to bind to the OpenLDAP server via GSSAPI / SASL to allow a non-anonymous read, and then determine if, say, the user was a member of a group allowed to log in. Kerberos would then pick up and authenticate the user and then proceed to the login. Off the network here, I'm not sure. I found this document, but it's self declared missing items: [URL]
I'll stop the rambling, but I cannot be the only one who would like to setup a relatively standard and secure server based network authentication and authorization back-end. Is there any _complete_ documentation on the best practices and how to implement?
I want to add 50 new users, not on the server yet I want to add them all to group Accounting - with 1 option, not user by user I want to setup a default password for them all, and have it say something like 'You must now change password or no access will be permitted' Any other options I also want to do once, not for each user?
View 3 Replies View RelatedI am using mint 8 for a 2 weeks, I am noob to linux but I like Mint than any other linux distro which is great alternative to windows. I have a problem regarding password reseting.
1. My laptop automatically get logged in without asking user name and password.
2. I tried to change password for newly created user and root user using graphical way but it does not work.
2. I can perform administrator task using only OEM user which is default inbuilt user of mint.
How can make my laptop to ask password when mint get booted? How to change password for other users?
This netbook only has a user with non-administrative privs on it and root user but I do not have root's password.Is there a way that I can create a new administrative user of change the current user's group so that it can do sudo commands or have more privs?
View 1 Replies View RelatedI'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
How do I disable and change the user password using SSH on a Linux
View 3 Replies View RelatedI'm looking for a Linux command that can change ownership of all files belonging to a given user,preferably in a targeted directory, to another specified user. My dream command would look something like this. chuser -R --olduser tom --newuser jerry
This is my scenario... I have a backup file (.tgz) with user and group information preserved in it. It was taken from a web server running Apache and MySQL. The files in the backup are from across the system and contain files from several different users and several system type accounts and it is key that when restored on the new server the settings are not lost. The problem is that the users on the machine the files are being restored to don't match the ones in the backup file. For instance both machines had a MySQL user but they have different user ids and there are several user ids that existed on both machines that belong to different users. This means there is no way to sync the users on the new machine to the ones on the old machine. I can find all the users files with the find command like this...
find /decompressed-backup-dir -uid 1050
or
find /decompressed-backup-dir -user tom
If, as I suspect, there is no way to do what I want with a single command then perhaps there is a way to pipe the results of the find command to another command to handle the ownership change?
I could do this with a PHP script but there are 4GB and tens of thousands of files in the backup so I don't want to use PHP or Perl but I would be happy with a shell script that could handle it.
One user in my company wants to run some flush cache queries on a MySql database, it needs "reload" privileges of Administration, how secure is to give this rights to a normal user ?
View 2 Replies View RelatedI was looking at my apt-get keys (with APT Key Manager) and, besides the usual keys:
I have this one: live-helper local packages key, no expiration
I am using Debian Squeeze from an original live-dvd installation; is the last key normal or should I remove it?
Ubuntu is based on debian unstable, but there might be some time lag before security patches get to debian testing --- so is Debian Testing more secure than Ubuntu ?
View 1 Replies View RelatedI need to setup a squid 3 proxy with https bumping. Unfortunately I'm not very familiar with squid and https in general.
I already perfomed the following steps:
1.) compile from source
Code: Select all./configure --with-openssl --enable-ssl-crtd
make
make install
2.) configuration (http)
I used this guide: [URL]
3.) configuration (https)
[URL]
The server is now working for http and https, but is the server secure, too? Is the default config already secure or do I need to configure additional security features? (e.g. things like cert validation, cert pinning, [dont know what's importend], ...)
I am trying to setup a web-based secure ftp client that can handle not only file transfers to and from one of my company's servers, but also allow new clients of ours to visit our site, create an account of their own and use it to log in and begin transferring files. This way, the users can manage their own accounts.
I don't know a lot about exactly what is running on our server, though I am almost positive it is debian based. I really only have access via ssh and ftp. I may be able to do more in the server room, but haven't tried. I thought about using net2ftp, but that doesn't seem to work with sftp, and also doesn't allow the creation of new users on the server.
Is there anything out there for me??You will undoubtedly require more information from me, so please let me know what it is and where I can find it and I'll get back to you as quickly as I can.
I've been deploying a lot of Debian based OSs for the desktops. I recommend the users to upgrade after every 2 months; however as we all know upgrades have their own flaws and issues, many times an upgrade does cause a lot of problems.
I'm deploying the testing branch of Debian, reason being hardware compatibility issues with older kernel and drivers. My main concern is security, I don't want the users to have big security venerabilities over time which's a consequence of not upgrading, but upgrading too may break the system (partially maybe...).
I know there's an option to only do security upgrades, but this will require a repository refresh... the consequence of not upgrading after a repository update is that if you install software using software center.. or even using aptitude or apt, it's bound to give a lot of dependency issues which users wont like.
This's the second question -- installing new packages with an updated repository and an older system gives issues.
I've got a lan with a mixture of linux and win machines. I've got one of those network addressable printers that I really like since I can access it from any machine on the lan in an os independent manner.
I saw in the local computer store network addressable hard drives, i.e., those that have an ethernet address and port. I really like the concept of having hdd storage that is both machine and os independent, just like my printer. However I don't know how to make it secure from spoofers. The only filter between it and the outside world would be my linksys wireless router, which has an internal firewall, but that doesn't seem to be enough security to me.
I'm having problems establishing secure sessions with my bank's online banking service provider. I've already contacted their local tech and together we were unable to solve the problem. I've tried deleting my cookies, session store, cache, and none of it worked. He's currently forwarding our conversation to the service provider's tech support line, but who knows what will come of it. Or even if they will offer support for an iceweasel user. I'm using Iceweasel 3.6.4~build2-1 out of the experimental repo.
I'm able to login successfully to online banking site to view my list of accounts, however if I try going any further than that, I'm redirected to an error message page that tells me a security error has occurred - the online session has expired. I get this on browser profiles 1, 2, and 3, however I do not get the error message on profile '0' (default) or on newly created profiles. And as mentioned earlier, I've tried deleting all persistent data (cookies, session, cache) on a non-working profile and the problem still exists. Let me know if I can provide any more information.
I have Acer Aspire S7-392. It has two 128GB SSD drives. They are using RAID 0. Currently there is Windows 8.1 installed on the RAID 0 drive.I am trying to install Debian 7.6 (wheezy) alongside Win 8.1 (dual boot). Actually I have already created linux partitions and installed mentioned Debian on my computer. I had to skip grub installation due to fatal error that had occurred. (Everything on existing RAID 0 volume).Now I am looking the way to install grub and boot Debian. I have disabled UEFI Secure Boot. It didn't work.
My question is:
1. Is it possible to have Win 8.1 and Debian dual-bootable on the same RAID 0 volume? How to install grub and boot debian?
2. If not, what am I supposed to do to achieve what I want (these two systems on one computer)? Delete old one RAID 0 and create two new: one for windows and one for linux partitions?
Since users need to disable secure boot to install Debian but can you enable after its installation?
View 7 Replies View Related