I was looking at my apt-get keys (with APT Key Manager) and, besides the usual keys:
I have this one: live-helper local packages key, no expiration
I am using Debian Squeeze from an original live-dvd installation; is the last key normal or should I remove it?
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I want to change my user name, pretty my replace my user name completely so that it is reflected all around the OS. What is the less dangerous and most secure way to do it? I guess I can create a new user copy stuff all over but if there is an easier way I am going to prefer it.
View 7 Replies View RelatedUbuntu is based on debian unstable, but there might be some time lag before security patches get to debian testing --- so is Debian Testing more secure than Ubuntu ?
View 1 Replies View RelatedI need to setup a squid 3 proxy with https bumping. Unfortunately I'm not very familiar with squid and https in general.
I already perfomed the following steps:
1.) compile from source
Code: Select all./configure --with-openssl --enable-ssl-crtd
make
make install
2.) configuration (http)
I used this guide: [URL]
3.) configuration (https)
[URL]
The server is now working for http and https, but is the server secure, too? Is the default config already secure or do I need to configure additional security features? (e.g. things like cert validation, cert pinning, [dont know what's importend], ...)
I am trying to setup a web-based secure ftp client that can handle not only file transfers to and from one of my company's servers, but also allow new clients of ours to visit our site, create an account of their own and use it to log in and begin transferring files. This way, the users can manage their own accounts.
I don't know a lot about exactly what is running on our server, though I am almost positive it is debian based. I really only have access via ssh and ftp. I may be able to do more in the server room, but haven't tried. I thought about using net2ftp, but that doesn't seem to work with sftp, and also doesn't allow the creation of new users on the server.
Is there anything out there for me??You will undoubtedly require more information from me, so please let me know what it is and where I can find it and I'll get back to you as quickly as I can.
I've been deploying a lot of Debian based OSs for the desktops. I recommend the users to upgrade after every 2 months; however as we all know upgrades have their own flaws and issues, many times an upgrade does cause a lot of problems.
I'm deploying the testing branch of Debian, reason being hardware compatibility issues with older kernel and drivers. My main concern is security, I don't want the users to have big security venerabilities over time which's a consequence of not upgrading, but upgrading too may break the system (partially maybe...).
I know there's an option to only do security upgrades, but this will require a repository refresh... the consequence of not upgrading after a repository update is that if you install software using software center.. or even using aptitude or apt, it's bound to give a lot of dependency issues which users wont like.
This's the second question -- installing new packages with an updated repository and an older system gives issues.
I've got a lan with a mixture of linux and win machines. I've got one of those network addressable printers that I really like since I can access it from any machine on the lan in an os independent manner.
I saw in the local computer store network addressable hard drives, i.e., those that have an ethernet address and port. I really like the concept of having hdd storage that is both machine and os independent, just like my printer. However I don't know how to make it secure from spoofers. The only filter between it and the outside world would be my linksys wireless router, which has an internal firewall, but that doesn't seem to be enough security to me.
I'm having problems establishing secure sessions with my bank's online banking service provider. I've already contacted their local tech and together we were unable to solve the problem. I've tried deleting my cookies, session store, cache, and none of it worked. He's currently forwarding our conversation to the service provider's tech support line, but who knows what will come of it. Or even if they will offer support for an iceweasel user. I'm using Iceweasel 3.6.4~build2-1 out of the experimental repo.
I'm able to login successfully to online banking site to view my list of accounts, however if I try going any further than that, I'm redirected to an error message page that tells me a security error has occurred - the online session has expired. I get this on browser profiles 1, 2, and 3, however I do not get the error message on profile '0' (default) or on newly created profiles. And as mentioned earlier, I've tried deleting all persistent data (cookies, session, cache) on a non-working profile and the problem still exists. Let me know if I can provide any more information.
I have Acer Aspire S7-392. It has two 128GB SSD drives. They are using RAID 0. Currently there is Windows 8.1 installed on the RAID 0 drive.I am trying to install Debian 7.6 (wheezy) alongside Win 8.1 (dual boot). Actually I have already created linux partitions and installed mentioned Debian on my computer. I had to skip grub installation due to fatal error that had occurred. (Everything on existing RAID 0 volume).Now I am looking the way to install grub and boot Debian. I have disabled UEFI Secure Boot. It didn't work.
My question is:
1. Is it possible to have Win 8.1 and Debian dual-bootable on the same RAID 0 volume? How to install grub and boot debian?
2. If not, what am I supposed to do to achieve what I want (these two systems on one computer)? Delete old one RAID 0 and create two new: one for windows and one for linux partitions?
Since users need to disable secure boot to install Debian but can you enable after its installation?
View 7 Replies View RelatedI need to set up a Debian server in a windows network so that users can securely ftp docs to the Debian server and then pull docs from the server when needed - using a secure ftp session. I have the Debian Server built and IP'd. Do I just need to set up the vsftpd.conf and thats it? Right now I am just concerned with getting ftp working.
View 7 Replies View RelatedI am installing Debian for the very first time and having read websites similar to [url] I have come across parts of the installation which I do not understand.
For example, I have created logical volumes using the logical volume manager however am unclear what the message regarding writing changes to disk before configuring Logical Volume Manager means.
Once I have created the volume group, I am presented with a window that provides me with the ability to
Display configuration details
Create volume groups
Create logical volume
Delete logical volume
Extend volume group
Option 2 is pretty self-explanatory however am unsure whether it is advisable to segment directories between 2 or more volume groups. What benefits does it serve?
Option 5 provides me to extend a volume group however am unsure how this works?
Does it mean I can assign free space available one 1 physical drive to the existing volume group or does it mean I can assign free space available on a second phyical drive or does it mean both? How does it affect security, performance, etc?
Currently the only way I can see the logical volumes I have created by selection Option 4. Is there any other way? How do most people keep track of the logical volumes they have created e.g. checking off against a checklist, etc?
Next I have the ability to map the logical volumes to mount points however am confused what purpose the none mount point serves as I have the option to select it?
What are mount options for?
What do I use labels for?
What are reserved blocks for?
What does typical usage refer to?
How does the option to copy data from another partition work? What is it for?
I appear to have the exact problem that is currently listed in the 7.6 errata about EFI boot and black screen while trying to install ("Potential issues with UEFI booting on amd64"). The problem is that their workaround is not an option for me. This is a new rig and the motherboard doesn't appear to have any kind of ability to disable secure boot. I also don't know if my problem is exactly what they're thinking when it comes to that entry.
I'm able to get to the Grub install screen where you have the option to install Debian but when I select an option (any option) the screen turns off, back on but is black. All activity in the system stops after a few seconds (3-5 seconds) and that's it, she's done. I've tried all the options to try and disable secure boot but the options listed below are as close as I can get (and apparently should be sufficient).
The CD ISO used was the 7.6 netinst CD. I've also tried the Jessie ISO (Testing) that was downloaded about 2 hours ago. Same results. Unlike the errata which says "intermittent booting problems", my issue is consistently reproduced with no other result no matter what I do.
The rig:
-Asus H97-Plus running revision 2202
-Intel i5-4570
-32GB DDR3-1600
-128GB SSD Drive
-No external video card - using on board only but have tried both VGA and HDMI ports with the same result.
BIOS settings (is it still called BIOS or is it UEFI now?)
-Fast Boot: Disabled
-Launch CSM: Enabled
-Boot Device Control: "Legacy OPROM Only" or "UEFI and Legacy OPROM" (tried both)
-Secure Boot State: Enabled (it's grayed out and I'm unable to change this)
-OS Type: Other OS (supposedly makes it so you can boot non-Windows OS)
The Debian page with the errata: [URL] ...
Look for "Potential issues with UEFI booting on amd64"
The obvious suggestions I've tried:
-tried USB boot & CD boot - same result
-tried altering the grub script to add the ACPI options - no effect
debian 8 64bit
Should bios setting be eufi or legacy?
Should secure boot be enabled?
Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that SSL Certificate.I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.
I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?
I now have a windows box connected to the internet via the server.
Question is - how do I know if the linux box is secure?
Are there any things that I have to config now - I am slowly moving on to configuring the dns and dhcp server - but is there anything else I should have done?
I just installed Ubuntu about 3 days ago and all has been working well and I'm learning to use it more effectively every day. The reason i installed Ubuntu was because I discovered that people i thought were close to me were remotely SPYING ON ME through my computer.Apparently they had access to all my documents And could even hear and see me through my Mic And Web cam.I was using windows 7 with avg anti virus and windows firewall. I would like to be able to use my computer(with they Internet) without having to worry about people stalking me.I would like for it to be practically impossible for these scumbags to get anywhere close to my privacy. I have a router which i connect to with wifi and I'm running the latest version of ubuntu.
View 6 Replies View RelatedI have accessing the suse linux using putty via ssh-1 and able to login to remote shell . can we start a GUI session from ssh login?
View 1 Replies View RelatedI'm trying to set up a secure web tunnel at home I have an Ubuntu box (desktop), a Mac, and a Windows 7 box. I use all of them for different reasons. I want to be able to route traffic from my browser through my Ubuntu box. I have done this before with proxy servers abroad, but I want to do it using ssh and my box at home so I don't have to pay for a service i.e (Secure Tunnel)etc.
I followed the instructions at http://bit.ly/hAnp6u. However, using my Win7 box, after I set the browser part per the instructions, I get no connection from the browser.
I was wondering how safe is to use rdp to access my linux box. I am a little bit concerning about this issue because as I read on opensuse's web site rdp is "less" secure. The thing is that I do not know how much less is this "less"
View 6 Replies View Relatedsetting up secure ftp on linux
View 3 Replies View RelatedHow to Centos 5.5 very secure for mail server. how to its performance very fast.
View 2 Replies View Relatedperform below activities please guide how to do perform below activities.Make sure the Guest account is disabled or deleted.-Disabled or deleted anonymous accessSet stronger UserID policiesSet Key Sensitive UserID Default enable in linuxCombination of numbers, letters and special characters (*,!,#,$,etc.)
Status of UserID
Type
User Name
[code]....
I have a project in my web server (apache tomcat). I am using red hat. I have flashfiles directory in webapps/myproject/flashfiles. I can possibly access the files in the flashfiles directory as
http://localhot:8080/files/personal.swf
I have to secure the directory by accessing it only within the web application. Please, help me to secure the directory using web server or in red hat.
Until recently the secure log was working as expected, then suddenly it has stopped logging. No changes made that I'm aware of, though automatic updates via yum are occurring. I'm assuming this is all logged through klogd, which is running.
Not overly familiar with Linux logging, where should I be looking for problems?
In the upcoming days I will be formatting my F14 box and switching to F15. Now I have offered a friend to use some of my storage (8TB) as a ackup for her personal files/photos. I want to set it up so that she can be sure she is the only one having acces to it (so not even I can read them as root).How can I set this up. encryption? account configuration?
Most likely she will upload via secure FTP.She trusts me, but I want to provide her with the piece of mind that it is not accessible by anyone but her.
Howto secure a productive opensuse workstation? Have you virus scanner, for example clamav and rootkit scanner like rkhunter installed on a produktive opensuse workstation in your company?
View 1 Replies View Relatedhow to secure opensue? Or point me to some good articles etc?
View 9 Replies View Relatedthere are different methods for securing based on home versus professional computers. My questions generally pertains to securing home desktops, but professional protection is definitely welcome :) Knowledge is power. Ever since moving to the wonderful world of Linux a couple years ago, I never even really thought about security. Seeing as most low-life scum make viruses for Windows machines seeing as they're more abundant.But how do I know if I'm safe/secure from anyone who want's to get at me or my stuff. I know that anyone who is determined enough to get in will, there's no question about that. But what steps can I take to ensure I'm protected from things like rogue root shells and automatic attacks? Also, is there a sort of built-in firewall/antivirus in more Linux distros?
I know this question is quite broad seeing as there are tons of ways someone could compromise your system, but maybe you could share what you did to make sure you were safe.I decided to not allow root login via ssh and to change the port is listens on to something random. Hopefully this a step in the right direction. Currently looking at iptables and shutting down services.