Fedora Security :: Sandbox Does Not Run With NX Client?
Apr 12, 2011
My machine, running FC13, is accessed by a NX client / server (freenx-server.i686 package installed). Using the NoMachine NX client, when I launch the sandbox program (policycoreutils-sandbox.i686 package), for example,sandbox -X xtermthe process dies without displaying a screen. The problem comes from the Xephyr server that complains : 'Xephyr cannot open host display. Is DISPLAY set ?'. Xephyr is called in the bash file /usr/share/sandbox/sandboxX.sh by:/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1Is there a way to solve this problem ?
View 2 Replies
ADVERTISEMENT
May 29, 2011
Running firefox in a SELinux sandbox - periodically the mouse refuses to leave the sandbox (i.e., gets stuck in the browser, refusing to traverse across the window border onto the desktop). This usually happens once in a while, though periodically once every 15 mins or so - no particular pattern, no pattern in the websites visited either.
The setup is as follows:
- Fedora 15 with a bare metal X install (TWM, desktop locked down ala a kiosk install - I will try a different wm to see if that makes any difference at some point)
- VPN (having been through a few VPN providers not all are equal, and this is a pretty good one, running OpenVPN at the mo. - I will try L2TP when I get round to it)
- Firewall locked down to the max.
- As far as reasonably can be done, no direct access to the machine - the install at least in theory is untainted
Does anyone know of a SELinux forum? Can't see anything myself or at least in the first instance.
I'm assuming this is a MITM problem - largely 'cos I have crime sitting on my (Internet) ass. Same problem with SL6 also, so not Fedora specific. I shall put the security spin into a VM and develop my network engineer skills at some point!
View 2 Replies
View Related
Jul 29, 2010
one of the coolest features of Fedora imho is sandbox -X, which I used extensively in F12. However, in F13 I yum install /usr/sbin/seunshare prints:
Code:
[...]--> Processing Dependency: policycoreutils-python = 2.0.82-13.fc13 for package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64
--> Finished Dependency Resolution
Error: Package: policycoreutils-sandbox-2.0.82-13.fc13.x86_64 (fedora)
Requires: policycoreutils-python = 2.0.82-13.fc13
[Code]....
View 6 Replies
View Related
May 4, 2011
I want to make a sandbox for my music streaming server(subsonic). I was going to make a directory and chroot to it. I don't really have any room on my HD for new partitions. For the sandbox/chroot jail to be proper does it need to be on a seperate filesystem/mount point?
View 1 Replies
View Related
Nov 25, 2009
Is there a good terminal services client available I can connect to my Windows boxes from Fedora12? I am willing to pay for a commercial license if there is a good one
View 7 Replies
View Related
Jul 16, 2011
I have been using Sandboxing for Windows Operating System and wanted to know if there is a sandbox for debian based distros ? I have tried sanbox mentioned in Debian wiki. Are there any other sandboxes ?
View 6 Replies
View Related
Aug 4, 2010
Well, I've been trying to get a program called SRS Audio Sandbox to work under Wine, but since it works with the audio output, it requires an audio driver and looks for the Windows one instead of the Linux one. Any way to emulateimitate that driver so it'll work?
View 3 Replies
View Related
Nov 27, 2010
Possible Duplicate:
Version of Linux with a command prompt?
Which software of Linux to use for command line running? Since I am using MySQL to run from Linux and want to run Linux, which software to download in Linux? There are multiple ones. Can I run .sh scripts and learn how to operate on Linux using the command line? Also use MySQL as backend on Linux?
View 1 Replies
View Related
Jun 20, 2010
I want to log the user name and password passed through the default telnet client on Fedora (7 to 11) system.I have thought of something like this:(Download Telent client src)->(modify src)->(compile and install)but i am not sure...
View 11 Replies
View Related
Mar 18, 2011
When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? how does the client know what private key to use?
View 14 Replies
View Related
Jul 9, 2010
I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficult getting the details about what happens on the CAC side of things.
I familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).
So... my questions:
1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?
2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?
View 1 Replies
View Related
Mar 5, 2011
I need to create a sandbox environment on my LAMP server for PHP/MySql development. Anyone who could point me in the right direction or share their insight?
View 1 Replies
View Related
Feb 15, 2009
Does anyone know if it would be possible to do this? I read of people who have run Windows Server 2003 under qemu.. but i was wondering if i could get it easily to work in a secure sandbox, so i could run it as a internet server - knowing that it was secure and no one could then hack my computer.
View 1 Replies
View Related
Apr 21, 2010
I have a virtual private server running ubuntu server edition that I have set up as an openvpn client. The problem I have is that the moment I turn on openvpn, I am no longer able to ssh into the machine. Is there a way to enable me to connect to it even when it is tunneling?
View 4 Replies
View Related
Mar 18, 2011
I received a suspect E mail from paypal which I reported to them, I did'nt click on anything in the E mail. The Question I am asking is there any way that some one could get in to my email client Thunderbird or Firefox. When I used thunderbird to report the e mail I received a problem reporting that my email couldn,t be sent due to AOL smpt not excepting email because of ssl encrpyption. I checked the settings for the account all seemed ok ssl was still marked. Also while I was on the internet yesterday I got the popup regarding did I want to save a "file" I canceled as I didn,t click anything to download anything.
View 3 Replies
View Related
Apr 11, 2011
I'm using ssh key based authentication and I was pleased to find that when I set it up out of the box when I connected to my ssh server it prompted me with a password window rather than typing into the terminal and it remembered the pass phrase from one connection to the next.
For some reason it's stopped showing me the window, instead I'm logging in through the terminal, and it's stopped remembering my pass phrase between connections. since I don't know what the program was called that gave me the login box it's rather hard to search for.
View 4 Replies
View Related
Oct 16, 2010
After visiting (and being booted from) pclinuxos.com's forum, I am getting the following error message on my system:Could not grab your mouse. A malicious client may be eavesdropping on your session or you may have just clicked a menu or some application just decided to get focus. Try again. I get this if I try to launch Unetbootin, Synaptic, Firewall... Did they put something into my puter? Or is some stuff simply broken after the latest update?
View 3 Replies
View Related
Sep 11, 2010
I am using dyndns to keep track of my smartphone's ip address. The idea is to be able to ssh into my home network, protected by an iptables firewall. If I use the command: # iptables -I INPUT 9 -s myname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT it updates using the current ip address, but the next time I get an ip address update to my phone and update dyndns to properly provide nslookups, this is not being updated in iptables unless I restart my firewall. Is there a better way to do this?
View 3 Replies
View Related
Aug 24, 2010
I have CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files during vsftpd server from DomU during ftp client. I successfully login with root and simple user, but when I try to list (or cd to some directory) in user home the SELinux prevent it from me. I get this in audit.log:
[Code]....
View 2 Replies
View Related
May 20, 2009
I have the following problem:I have to networks in remote places.I have an opnvpn client in one network that connects to the the router (openvpn server).My question is,can i connect the network where the openvpn client is,throught the computer with the client to the other network.If yes,how? (please make it an idiot proof anwser because i have limited knowledge about iptables). I was thinking like forwarding (the router in the network with the openvpn client is also firewalling with iptables) the request of the ip class of the openvpn network to the computer with the client,which masquarades the interface
View 2 Replies
View Related
Sep 10, 2010
There is a kernel module that connects a SCSI like hard disk to Linux computers, as well as windows and MAC. Some portions of the source code have a GPL license on them, but some remain property of the hardware inventor. The inventor does not agree to GPL the entire code, even just the Linux code. Consequently, the connection package falls behind, the existing users feel left out and the new opportunities fall by the wayside.
The confusing thing for me is that the company gives away the end product, (the compiled module and it's editable source code) but they won't let non-employees edit the official source to keep it up to date. Ultimately they only make money on the SCSI-like connection hardware. Several users have modified the existing package to keep it up with some distributions, but there are others that should be explored and new architectures to employ it.
1) Could I set up a sandbox that hides the non-gpl source code pages, but allows willing developers to join and modify the gpl sections and then compile the modules on different architectures?
2) I have trouble understanding the difference between working on this kind of kernel package for free and releasing the code. In other words, since the company gives away the end product, just as GPL developers do, why not just agree to the same requirements you would have if hired at the company, but do the development for free in the spare time anyway?
View 3 Replies
View Related
Aug 30, 2010
I am running Centos 5.5 with Apache 2.2.3, MySql 5, and PHP 5.1.6. I am migrating a Drupal installation to the default html folder for development purposes. I am very new to server management, and a bit lost.I want to install some other web sites on the sandbox server to experiment with before uploading them to a Production environment. Is it possible to have multiple html folders? Or to use symlinks to point to the folders where the other web sites will reside?
View 1 Replies
View Related
Oct 15, 2010
I was given the responsibility at work to upload some files to an offsite 3rd party FTP server. Apparently we use a "secure" proprietary web-based java FTP client.
The FTP client was buggy and repeatedly crashed. While I was waiting for it to work, I decided to look at the HTML of the website when I was logged in to their FTP server. It contained the following lines:
Code:
hostname="-------------"
username="--------"
password="--------"
connectionType="ftps"
mode="binary"
enableHost="false"
enableConnectionType="false"
enableAnonymous="false"
I substituted dashes for the sensitive information that was in the website. I do not have access to analyze the network traffic to see if our username and password is being transmitted in plain text to the website. It makes me nervous to see the username and password plainly written out in the html for a website; however analyzing the network traffic and securing networks is not part of my job description. So my question for people here who have this as part of their job description is as follows:
View 7 Replies
View Related
Jan 27, 2011
perhaps anyone can help me. Situation: A VPS Server, i installed a PPTP Server on it, is working. Client connecting to PPTP Server, working. Now i only wanna one port thru the PPTP Connection, all other NOT. In example Port 52000 on Client. Users connecting to Serverip:52000 and should land on Client:52000, BUT and that is what is important for me, with their Real IP. If i do a POSTROUTING ppp0 MASQUERADE it is working, but the Users in my Log have the IP from the Server and not their Realip. It makes sense because i do Masquerading.
Anyone can Help me? That would be great! VPN IPs are 192.168.0.1 on Server and 192.168.0.234 on Client. I can ping each other. Server Interfaces: eth0 and if i connected with PPTP Client ppp0 (192.168.0.1). I wanna not route all traffic through PPTP, only one or two Ports!
View 5 Replies
View Related
Jan 15, 2010
I've just installed Ubuntu 9.10 and Samba 3.4. I've shared a folder and have accessed the share from a Windows 7 client. However, I've struggled to configure the share and folder so that the Win7 client can create files and/or folders in the share. Kept getting Permission Denied errors. Finally, (using Webmin) I set the permissions on the file folder so that "Other" had write access. I don't understand why this was necessary (and how unsecure this is). I already had the write access checkbox ticked for "User" but it wasn't enough.
View 1 Replies
View Related
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies
View Related
Apr 13, 2011
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
View 5 Replies
View Related
Apr 7, 2009
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies
View Related
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
View Related
May 30, 2010
Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies
View Related
