Fedora :: Practice Securing & Scanning System
Nov 29, 2010
Recently I've been going over a few resources (like Guide to the Secure Configuration of Red Hat Enterprise Linux 5) some forum members have provided and I've been using other resources I use for work (like the UNIX STIG requirements). I would like to improve my skill-set on hardening a Linux server (for work and personal interest). Is there a specific Linux distro I can install that is purposely corrupted/vulnerable where the sole goal is to secure it, and then have the means to scan it to make sure all vulnerabilities are patched and secured?
Mar 10, 2010
I am currently studying for the Linux plus CompTIA exam.
Yes, I'm aware, the theme OS is Red Hat. I am just wondering if there are any free practice exams for the Linux plus certification out there. Any ideas?
Jun 25, 2010
I have a mail server that accepts to relay from systems in the trusted network. One of the systems in the trusted network is a webserver. On the webserver there are several scripts that send email. Let's focus on the PHP scripts. These use the mail() function for that. I am looking for means to reduce the potential abuse of the mail server when one of the PHP scripts is hacked. For the situation that the code is modified by a hacker or a new script is installed I would like to take this approach:
1) scan the system for scripts using the mail() function
2) generate a checksum list from these scripts
3) intercept email (being sent to sendmail) from these scripts
4) check if they match the checksum list
In theory (I will still have to implement it) this would take care of the situation in which new/modified scripts try to send email.
However, there is also the option of an exploit of some script. Are there any ideas on means to prevent email abuse for this situation (other than: make sure scripts cannot be exploited)?
Jul 17, 2010
Quote:
ISC joined other key participants of the internet technical community in celebrating the achievement of a significant milestone for the Domain Name System today as the root zone was digitally signed for the first time. This marked the deployment of the DNS Security Extensions (DNSSEC) at the top level of the DNS hierarchy and ushers the way forward for further roll-out of DNSSEC in the top level domains and DNS Service Providers.
Mar 19, 2009
I am having trouble trying to set up an FTP server, so I made a video lesson to show how it is done PROPERLY. I actually had this before, but it was poor quality, and I went through it a little fast; so this time it is better quality and I explain more details. You can find it here:
[Code]...
Nov 19, 2009
I'm still new to PHP and SQL, but all the tutorials I've found connect to the database like this:
PHP Code:
Right now I'm just doing local network tests before exposing everything to the Internet.
Wouldn't leaving the password in there as plain text be a huge security issue? I tried downloading the php file off the server, and it just comes down blank. So does PHP already have a security feature that doesn't allow anyone to just nab PHP files off the server?
And for Postgre, I have pg_hba.conf set up to "trust" its own IP address:
Code:
Would I need to use something like Kerberos, PAM, or ident authentication? Right now the only plan is to use it as login system for a website. The clients themselves won't be accessing the DB itself, because all the DB access will be through PHP.
Mar 11, 2010
I am creating an FTP server using VSFTP. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.
Here is where is my specific question. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd account that had username / password pairs that FTP used for authentication.
What app is this? Is it just part of VSFTP or maybe SELinux? I really want to utilize this.
May 8, 2010
About Apache security. How to protect web-server from programs like phpshell [url]?
Apr 1, 2010
I have to deploy a server to some customers that should not be given access to the server itself. I know that nothing is 100% secure but I've searched without finding a decent answer (maybe I googled for the wrong terms?). I need some advice about encrypted filesystem.
* The server must boot without asking for a passphrase (the server will be in a restricted access area so typing a password could take a while). I can't store the password for LUKS in an unencrypted file so it seems a loop to me. The only way out I can see is to store the passphrase in the boot binaries (better than nothing...) but this results in more work for me.
* Possibly the customer should not be able to move the hard disks to another PC, i.e. reading the passphrase from some unique hardware ID. This is risky but I could add a master passphrase to be used in case of hardware replacement.
Nov 19, 2009
I am pretty new to the Fedora 11 world. I have maradns installed on it and I'm using it as my server. What is the best way to make my machine secure? This is just a project of mine so I can become familiar with sys admin on Fedora. It doesn't have to be ultra secure, just a decent level of security would be nice. Any links or information would be greatly appreciated. Btw, I currently have SELinux disabled. I'm not familiar with it and it was giving me problems so I had to disable it.
Jan 18, 2010
I am relatively new to Linux having only used Ubuntu 9.10. Trouble is for all the talk of how secure Ubuntu is, truth is it kept getting remote hacked (I have a stalker who is messing with me) over and over so now I am going to try Fedora in hopes of finally having a secure system. My question is, what steps do I need to take to try to secure Fedora 12?
Jun 15, 2010
I thought I had a post out there that thoroughly covered this topic. But, I looked and I couldn't find it. Well, I am trying to get Sane to run so I could scan documents. I have printing set up, and the cups daemon is set to run at reboot. What are the following steps to achieve my objective,
Jul 12, 2010
I am starting a new job, and need to brush up on my expect scripting. Does anyone know of any online resources, e.g. telnet sites that I can play about with?
Apr 22, 2011
I have searched the net for The Best Practice of C-Style Strings, but the examples I have found aren't sufficient. Can someone please show me The Best Practice for C-Style Strings, or direct me to something I can read that shows in details the best practice.
Oct 27, 2010
Am investigating processor affinity theory and practice, am somewhat surprised at the paucity of information on something that has been a part of many Windows Enterprise type applications for more than a decade and although I haven't investigated would assume is supported by big iron UNIX.
What it is: Processor Affinity is the *NIX terminology for "soft" assigning a process and its threads to a specific processor core. On multi-tasking machines and particularly those which run heavy loads it can be useful to "advise" the Scheduler to isolate/assign heavy loads to a core separate from other processes. I also have a specific situation where I would like to run more than one instance of a specific app, but cannot when sharing the same processing environment.
What I've found so far: By default, any and all processes are assigned an affinity that permits running on any and all available processors. The taskset utility can be used to modify the affinity for any process, which means that once an application/service/process has been launched, only then can the affinity be modified. It seems that the RH platform may also have a utility called tuna which might provide some tuning capabilities in addition to setting affinity but does not seem to be in the SuSE repositories and I cannot find source. Is there a reference or utility that can launch an application with a specified processor affinity?
Mar 31, 2010
I've only ever installed two programs that came in .tar.gz's with their own install.sh scripts. Each one recommended to be saved in /opt. What is opt? Should all .tar.gz programs with their script installer be handled in the opt directory?
Aug 21, 2009
I was about to post a new thread and saw that there are several answers out here already and I have done the new group permission one on my server -- actually on my test server I just added "my user" to the group "root" to gain rw access to /var/www/htdocs/. Someone suggested that the proper way might be to do symlinks to the directory in a real production environment and I wanted to find out if that is the *best* way to go or whether to actually make a group "www_admin" (pick your favorite flavor of this) and add my users to that group?
I guess I am looking for the "best practice" in a real corporate production environment that is most secure.
Apr 9, 2011
I am new to Slackware but I'm a bit familiar with Ubuntu. I normally partition my Ubuntu using /swap, /root and /home. In Ubuntu it is recommended to separate /home and /root partitions so that later on if something to be changed in the system we just need to apply on that /root without affecting our old data in /home. Is it the same way in Slackware applied? If so, is it the same as having /swap, /root and /home partitions as well? Can anyone suggest for the harddisk distribution of my 320GB space.
May 23, 2011
I'm writing you to ask some help with administrating a server remotely.
I have a machine I use remotely when I have to travel, some time for quite long periods like from one to three months.
Last time it happened to me that after upgrading I sent the reboot command and the machine didn't turn down, so I wasn't able to access it.
My question is: how can I avoid such situations?
Is there any best practice to follow?
Jul 18, 2011
I want to practice setting up of NFS server and NFS client on Red Hat using virtual machine on my laptop. I don't think setting up NFS should not be a problem but how do I replicate a NFS client. I just have one laptop. Is it possible to replicate both server and client using the same laptop? If so, can anyone tell what tools I can use to perform the above for practicing.
Jun 5, 2010
How to set server like facilities on home PC to practice for RH 133 & RH 253 for RHCE exam.
Jan 2, 2010
I have the following scenario:
- Server installed in wired network. The server has a static IP. It has Ubuntu Server 9.10 installed.
- I have two Ubuntu notebooks (Ubuntu Desktop 9.10) and I want them to connect (mount) to the server on bootup (fstab or equal) if the network is available.
- I don't want to store the password in cleartext in the fstab file. So what other options do I have? What would be the most common practice here?
Apr 11, 2010
Is there a resource/material that can simulate a RHEL on your personal machine so that one can practice for RH302 exam accurately? I am looking to practice sample questions with some kind of simulation environment where the scenario is similar to the real-time scenario that we can expect in the exam. For instance, the system is already broken with what is mentioned in the question so that I can focus only on solving the problem rather than breaking it first. I am looking for something specific to RHCE exam preparation/practice rather than using a tool like trouble-maker.
Nov 15, 2010
-the command to copy the file Practice.txt to a new name of Myfile.txt while in the home directory-found
-command to create a directory in the home directory-found
-say I just created a new directory called "test". What's the command to delete the test directory.-found
-command to create a blank, text file without using an editor.
-the exact syntax in Linux you would need to rename the file to a new name-found
Jun 29, 2010
I ran the LiveCD of Fedora SecurityLab and noticed these ports open: 111, 631, 34526. How can I close them and what runs behind them. I know 111 is rpcbind, 631 ipp and 34526 is unknown.
Sep 15, 2010
We have a public server and it can be accessed from anywhere through ssh.
My question is my server should not allow anyone directly to login as root user. First he should login as normal user then he should switch to root user.
I also have another question: is there any specific Linux command to end other users' ssh sessions without rebooting the server?
Jan 26, 2010
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to set up the necessary public/private keys to use in FileZilla.
In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)?
Is there an automated way to set this up via Webmin?
Feb 27, 2011
Recently I have installed Debian Squeeze amd64 on my home desktop. I have used the standard installation method using DVD. I use my desktop primarily for web surfing, playing games and web application development. I do run apache2 and mysql servers on my system as need arise. I have been told that apache2 server execution without mandatory access controls such as apparmor or selinux makes the system vulnerable.
I could not find apparmor in synaptics, so I chose selinux for this task. To start with I installed identical environment in virtual box and tried installing selinux as given in url [url]. After the last step i.e. after running command selinux-config-enforcing and reboot I get login screen, I choose username and enter password. That's it. The screen becomes blank and no further progress. I am not sure where I went wrong. I am also curious whether selinux is really required in such cases or there is any better way to handle such situations. I also thought of running apache2 service from virtualbox. But I did not find it suitable for my requirement though.
Aug 1, 2010
In our small company, we have a policy on our current Windows computers to install and use TrueCrypt to encrypt the complete harddrives, together with Heidi Eraser to make scheduled overwrites of "not-used" data on a schedule to prevent the eventual reconstruction of deleted files.
We believe that this makes quite a good foundation to prevent our data from getting in the wrong hands in the event of someone losing a laptop on the way to the office or even a burglar stealing computers over night.
So to the question:
Since we have nearly switched all of our computers to Ubuntu during the last few weeks, we wonder what we could and should do to our Ubuntu computers to ensure a good, solid foundation to keep our data secure?
Aug 27, 2010
I am trying to secure my LAN a little by doing static arp entries. But I am not sure how to go about doing this... I have a gateway, and I have a separate box that runs dhcpd. I would like to assign every machine an ip and only allow it to use that ip, therefore static dhcp entries, and static arp entries on the gateway.
1. But how do I prevent someone from picking an ip that nobody is using and assigning it manually?
2. I assigned a static arp entry by doing arp -i br0 -s 2.2.2.35 00:1F:E1:CC:2E:46, how do I remove it now? I used arp -d but now it just says:
? (2.2.2.84) at <incomplete> on br0
3. I would also like each machine to have a hostname/dns.. like machinex.local, where I can do forward and reverse dns lookups, how do I config this?
4. I know static arp can be fooled if someone just clones an allowed MAC.. is there anything else that I could use that is more secure for wired lan?
5. I have my gateway running rflow sending all data to ntop running on my dhcp box.. Ntop is kinda cryptic, is there anything easier to use? or something that is better in features? I would like to see how much bandwidth each local ip is using and possibly what protocols, like ntop already shows.