Fedora Security :: Sandbox Does Not Run With NX Client?

Apr 12, 2011

My machine, running FC13, is accessed by a NX client / server (freenx-server.i686 package installed). Using the NoMachine NX client, when I launch the sandbox program (policycoreutils-sandbox.i686 package), for example,sandbox -X xtermthe process dies without displaying a screen. The problem comes from the Xephyr server that complains : 'Xephyr cannot open host display. Is DISPLAY set ?'. Xephyr is called in the bash file /usr/share/sandbox/sandboxX.sh by:/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1Is there a way to solve this problem ?

View 2 Replies


ADVERTISEMENT

Fedora Security :: Mouse Pointer Locks In SELinux Sandbox Window?

May 29, 2011

Running firefox in a SELinux sandbox - periodically the mouse refuses to leave the sandbox (i.e., gets stuck in the browser, refusing to traverse across the window border onto the desktop). This usually happens once in a while, though periodically once every 15 mins or so - no particular pattern, no pattern in the websites visited either.

The setup is as follows:

- Fedora 15 with a bare metal X install (TWM, desktop locked down ala a kiosk install - I will try a different wm to see if that makes any difference at some point)

- VPN (having been through a few VPN providers not all are equal, and this is a pretty good one, running OpenVPN at the mo. - I will try L2TP when I get round to it)

- Firewall locked down to the max.

- As far as reasonably can be done, no direct access to the machine - the install at least in theory is untainted

Does anyone know of a SELinux forum? Can't see anything myself or at least in the first instance.

I'm assuming this is a MITM problem - largely 'cos I have crime sitting on my (Internet) ass. Same problem with SL6 also, so not Fedora specific. I shall put the security spin into a VM and develop my network engineer skills at some point!

View 2 Replies View Related

Fedora Security :: Sandbox -X Doesn't Work In F13: Policycoreutils-python Dependency Error?

Jul 29, 2010

one of the coolest features of Fedora imho is sandbox -X, which I used extensively in F12. However, in F13 I yum install /usr/sbin/seunshare prints:

Code:
[...]--> Processing Dependency: policycoreutils-python = 2.0.82-13.fc13 for package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64
--> Finished Dependency Resolution
Error: Package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64 (fedora)
Requires: policycoreutils-python = 2.0.82-13.fc13

[Code]....

View 6 Replies View Related

Security :: Sandbox / Chroot Jail And Separate Filesystem?

May 4, 2011

I want to make a sandbox for my music streaming server(subsonic). I was going to make a directory and chroot to it. I don't really have any room on my HD for new partitions. For the sandbox/chroot jail to be proper does it need to be on a seperate filesystem/mount point?

View 1 Replies View Related

Fedora :: Remote Desktop Client (RDP) Aka Terminal Services Client?

Nov 25, 2009

Is there a good terminal services client available I can connect to my Windows boxes from Fedora12? I am willing to pay for a commercial license if there is a good one

View 7 Replies View Related

General :: Sandbox For Debian Based Distros ?

Jul 16, 2011

I have been using Sandboxing for Windows Operating System and wanted to know if there is a sandbox for debian based distros ? I have tried sanbox mentioned in Debian wiki. Are there any other sandboxes ?

View 6 Replies View Related

General :: Make SRS Audio Sandbox Work Under Wine?

Aug 4, 2010

Well, I've been trying to get a program called SRS Audio Sandbox to work under Wine, but since it works with the audio output, it requires an audio driver and looks for the Windows one instead of the Linux one. Any way to emulateimitate that driver so it'll work?

View 3 Replies View Related

General :: Get Command Line System OS Using Sandbox For Learning Its Prompt?

Nov 27, 2010

Possible Duplicate:
Version of Linux with a command prompt?

Which software of Linux to use for command line running? Since I am using MySQL to run from Linux and want to run Linux, which software to download in Linux? There are multiple ones. Can I run .sh scripts and learn how to operate on Linux using the command line? Also use MySQL as backend on Linux?

View 1 Replies View Related

Security :: How To Trojan A Telnet Client

Jun 20, 2010

I want to log the user name and password passed through the default telnet client on Fedora (7 to 11) system.I have thought of something like this:(Download Telent client src)->(modify src)->(compile and install)but i am not sure...

View 11 Replies View Related

Security :: Ssh Encryption Key - How Client Know What Private Key To Use

Mar 18, 2011

When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? how does the client know what private key to use?

View 14 Replies View Related

Security :: Web Client Authentication Through PKI And CACs?

Jul 9, 2010

I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficult getting the details about what happens on the CAC side of things.

I familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).

So... my questions:

1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?

2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?

View 1 Replies View Related

Debian :: Create A Sandbox Environment On LAMP Server For PHP/MySql Development?

Mar 5, 2011

I need to create a sandbox environment on my LAMP server for PHP/MySql development. Anyone who could point me in the right direction or share their insight?

View 1 Replies View Related

Software :: Running Windows Server 2003 Under Qemu In Secure Sandbox

Feb 15, 2009

Does anyone know if it would be possible to do this? I read of people who have run Windows Server 2003 under qemu.. but i was wondering if i could get it easily to work in a secure sandbox, so i could run it as a internet server - knowing that it was secure and no one could then hack my computer.

View 1 Replies View Related

Ubuntu Security :: Unable To Ssh To Client When It Is Running Openvpn?

Apr 21, 2010

I have a virtual private server running ubuntu server edition that I have set up as an openvpn client. The problem I have is that the moment I turn on openvpn, I am no longer able to ssh into the machine. Is there a way to enable me to connect to it even when it is tunneling?

View 4 Replies View Related

Ubuntu Security :: Get In To Email Client Thunderbird Or Firefox

Mar 18, 2011

I received a suspect E mail from paypal which I reported to them, I did'nt click on anything in the E mail. The Question I am asking is there any way that some one could get in to my email client Thunderbird or Firefox. When I used thunderbird to report the e mail I received a problem reporting that my email couldn,t be sent due to AOL smpt not excepting email because of ssl encrpyption. I checked the settings for the account all seemed ok ssl was still marked. Also while I was on the internet yesterday I got the popup regarding did I want to save a "file" I canceled as I didn,t click anything to download anything.

View 3 Replies View Related

Ubuntu Security :: Ssh Client Pass Phrase Window Has Gone

Apr 11, 2011

I'm using ssh key based authentication and I was pleased to find that when I set it up out of the box when I connected to my ssh server it prompted me with a password window rather than typing into the terminal and it remembered the pass phrase from one connection to the next.

For some reason it's stopped showing me the window, instead I'm logging in through the terminal, and it's stopped remembering my pass phrase between connections. since I don't know what the program was called that gave me the login box it's rather hard to search for.

View 4 Replies View Related

Security :: Could Not Grab Mouse - Malicious Client Eavesdropping?

Oct 16, 2010

After visiting (and being booted from) pclinuxos.com's forum, I am getting the following error message on my system:Could not grab your mouse. A malicious client may be eavesdropping on your session or you may have just clicked a menu or some application just decided to get focus. Try again. I get this if I try to launch Unetbootin, Synaptic, Firewall... Did they put something into my puter? Or is some stuff simply broken after the latest update?

View 3 Replies View Related

Security :: Allowing Dyndns Client - Update Iptables Frequently?

Sep 11, 2010

I am using dyndns to keep track of my smartphone's ip address. The idea is to be able to ssh into my home network, protected by an iptables firewall. If I use the command: # iptables -I INPUT 9 -s myname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT it updates using the current ip address, but the next time I get an ip address update to my phone and update dyndns to properly provide nslookups, this is not being updated in iptables unless I restart my firewall. Is there a better way to do this?

View 3 Replies View Related

Security :: Access Dom0 Files During Vsftpd Server From DomU During Ftp Client

Aug 24, 2010

I have CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files during vsftpd server from DomU during ftp client. I successfully login with root and simple user, but when I try to list (or cd to some directory) in user home the SELinux prevent it from me. I get this in audit.log:

[Code]....

View 2 Replies View Related

Fedora Networking :: Connect The Network Where The Openvpn Client Is,throught The Computer With The Client To The Other Network?

May 20, 2009

I have the following problem:I have to networks in remote places.I have an opnvpn client in one network that connects to the the router (openvpn server).My question is,can i connect the network where the openvpn client is,throught the computer with the client to the other network.If yes,how? (please make it an idiot proof anwser because i have limited knowledge about iptables). I was thinking like forwarding (the router in the network with the openvpn client is also firewalling with iptables) the request of the ip class of the openvpn network to the computer with the client,which masquarades the interface

View 2 Replies View Related

General :: Create A Sandbox For A "half GPL" Kernel Module?

Sep 10, 2010

There is a kernel module that connects a SCSI like hard disk to Linux computers, as well as windows and MAC. Some portions of the source code have a GPL license on them, but some remain property of the hardware inventor. The inventor does not agree to GPL the entire code, even just the Linux code. Consequently, the connection package falls behind, the existing users feel left out and the new opportunities fall by the wayside.

The confusing thing for me is that the company gives away the end product, (the compiled module and it's editable source code) but they won't let non-employees edit the official source to keep it up to date. Ultimately they only make money on the SCSI-like connection hardware. Several users have modified the existing package to keep it up with some distributions, but there are others that should be explored and new architectures to employ it.

1) Could I set up a sandbox that hides the non-gpl source code pages, but allows willing developers to join and modify the gpl sections and then compile the modules on different architectures?

2) I have trouble understanding the difference between working on this kind of kernel package for free and releasing the code. In other words, since the company gives away the end product, just as GPL developers do, why not just agree to the same requirements you would have if hired at the company, but do the development for free in the spare time anyway?

View 3 Replies View Related

CentOS 5 Server :: Multiple Html Folders For Sandbox Server?

Aug 30, 2010

I am running Centos 5.5 with Apache 2.2.3, MySql 5, and PHP 5.1.6. I am migrating a Drupal installation to the default html folder for development purposes. I am very new to server management, and a bit lost.I want to install some other web sites on the sandbox server to experiment with before uploading them to a Production environment. Is it possible to have multiple html folders? Or to use symlinks to point to the folders where the other web sites will reside?

View 1 Replies View Related

Ubuntu Security :: Use A "secure" Proprietary Web-based Java FTP Client?

Oct 15, 2010

I was given the responsibility at work to upload some files to an offsite 3rd party FTP server. Apparently we use a "secure" proprietary web-based java FTP client.

The FTP client was buggy and repeatedly crashed. While I was waiting for it to work, I decided to look at the HTML of the website when I was logged in to their FTP server. It contained the following lines:

Code:
hostname="-------------"
username="--------"
password="--------"
connectionType="ftps"
mode="binary"
enableHost="false"
enableConnectionType="false"
enableAnonymous="false"

I substituted dashes for the sensitive information that was in the website. I do not have access to analyze the network traffic to see if our username and password is being transmitted in plain text to the website. It makes me nervous to see the username and password plainly written out in the html for a website; however analyzing the network traffic and securing networks is not part of my job description. So my question for people here who have this as part of their job description is as follows:

View 7 Replies View Related

Ubuntu Security :: Users Connecting To Serverip:52000 And Should Land On Client:52000?

Jan 27, 2011

perhaps anyone can help me. Situation: A VPS Server, i installed a PPTP Server on it, is working. Client connecting to PPTP Server, working. Now i only wanna one port thru the PPTP Connection, all other NOT. In example Port 52000 on Client. Users connecting to Serverip:52000 and should land on Client:52000, BUT and that is what is important for me, with their Real IP. If i do a POSTROUTING ppp0 MASQUERADE it is working, but the Users in my Log have the IP from the Server and not their Realip. It makes sense because i do Masquerading.

Anyone can Help me? That would be great! VPN IPs are 192.168.0.1 on Server and 192.168.0.234 on Client. I can ping each other. Server Interfaces: eth0 and if i connected with PPTP Client ppp0 (192.168.0.1). I wanna not route all traffic through PPTP, only one or two Ports!

View 5 Replies View Related

Ubuntu Security :: Configure The Share And Folder So That The Win7 Client Can Create Files And/or Folders In The Share?

Jan 15, 2010

I've just installed Ubuntu 9.10 and Samba 3.4. I've shared a folder and have accessed the share from a Windows 7 client. However, I've struggled to configure the share and folder so that the Win7 client can create files and/or folders in the share. Kept getting Permission Denied errors. Finally, (using Webmin) I set the permissions on the file folder so that "Other" had write access. I don't understand why this was necessary (and how unsecure this is). I already had the write access checkbox ticked for "User" but it wasn't enough.

View 1 Replies View Related

Fedora Security :: Script To Add Security Spin Tools To Normal Installation

May 22, 2011

love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.

View 12 Replies View Related

Fedora Security :: Wierd SeLinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?

Apr 13, 2011

this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:

Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]

[code]....

View 5 Replies View Related

Fedora Security :: What Security Measure's Should Be Taking To Make Box Little Less Vulnerable?

Apr 7, 2009

I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?

View 12 Replies View Related

Fedora Security :: Security Risk Of An Unencrypted /boot Partition?

Apr 8, 2009

During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).

View 5 Replies View Related

Fedora Security :: Install Security Lab Menu On A Normal 13 Installation?

May 30, 2010

Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved