Fedora Security :: Security Risk Of An Unencrypted /boot Partition?
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
ADVERTISEMENT
Feb 28, 2011
When posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies
View Related
Jul 27, 2015
I need to build a new computer, and I'm considering buying an "AMD-oriented" motherboard, that comes with an integrated ATI Radeon GPU.But, being a big Free Software enthusiast, that likes to have completely free drivers for everything, and knowing that the "open source" Radeon driver, for ATI/AMD GPUs, uses a non-free firmware, I'm reluctant about this... Above all, because I don't know what kind of security risk I'm taking, when using a proprietary firmware.
And, having read what was recently reported about the security of proprietary firmwares, in general,URL... if the firmware component of graphics cards drivers poses any security threat?(I mean, can the firmware part of a graphics cards driver be used to do anything more than executing instructions to display graphics?)
View 9 Replies
View Related
Sep 29, 2010
I am running Ubuntu 10.04 on my laptop. I have an Apache web server running that I can access at 192.168.1.102 ("It works! This is the default web page for this server. ...").
Are there any security risks in leaving this running? Is the web server available to anyone outside my network?
View 2 Replies
View Related
Oct 30, 2010
I have received an email with a .csv attachment from a bank, and need to know how to view the attachment without risk. Using View>Message Source I see a large solid block of random upper and lower case characters, whereas I would expect to see some readable text mixed in. The email subject and the attachment name both contain data specific to me, but the text of the email consists largely of disclaimers with no mention of my name or any clue as to the nature of the attachment. I am using Thunderbird as my email client.
View 8 Replies
View Related
Jun 20, 2011
i want to know the risk with auto mounting flash drive as a root user,if for example there is a Usb Flash drive inserted into the system and we login into root unknowingly, and this flash drive contains an autorun script which calls a new script that can place viruses in your system, since you are in the root it will not even prompt for password and if the script is fast enough you will not even see it executing.
View 7 Replies
View Related
Jun 3, 2011
I have some questions about security
1> are the flash exploits are of any use to a Linux operating system like Ubuntu etc. ?
2>are the Microsoft office exploits any risk to libreoffice or open-office software suites?
3>are there exploits for Linux , open-office and libreoffice ?
View 9 Replies
View Related
Dec 9, 2010
I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?
Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.
View 5 Replies
View Related
Aug 27, 2009
I was having a discussion with someone who said that telnet, FTP, HTTP plain-text authentication in the local subnet is ok because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.
I know that someone can plug a hub in the network port and connect 2 (or more) PCs and see the packets. Also, heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. Would like to get opinion about unencrypted protocols over a switched networks.
View 1 Replies
View Related
Jul 30, 2011
I followed this howto in order to mount CIFS shares on demand. This works great, however, this guide suggests leaving my network passwords unencrypted on the disk. This is a very bad security practice, as the passwords can be easly retrieved by booting the computer using a different OS.
I was looking for a way to secure things up, so I came up with this solution: Instead of storing the passwords plain text on the disk, I store them in a tar file encrypted using GPG. When I boot my system, I open this file to a directory in /dev/shm, and order AutoFS to retrieve the passwords from there.
This does the trick, but I presume this solution is not that secure, since /dev/shm content can be written to the swap partition. Is there any other solution which is a better security practice? Maybe using some sort of keyring service?
View 3 Replies
View Related
Jan 21, 2009
I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.
I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?
View 8 Replies
View Related
Jul 27, 2010
I'm trying to get a fully encrypted system with several linux partitions.I use one big encrypted (luks) partition which I divide into several smaller with LVM but I still need to set the boot folder on a non-encrypted partition.So my question is : is there a way to have only one boot partition instead of one for each system ?
View 6 Replies
View Related
Feb 22, 2010
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies
View Related
Mar 9, 2011
Has anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
View 9 Replies
View Related
Apr 14, 2010
I use Fedora 12 AMD64 , my Fedora mount automatic windows partition , I try find way Fedora dose not this you can see in this linkSo I want set password for windows partition and I do not want somebody can see what I have in windows partition , if I can not set password for partition , I want set password for folders are in windows partitions , can I do this ?---------- Post added at 05:25 PM CDT ---------- Previous post was at 09:29 AM CDT ----------
View 1 Replies
View Related
Jun 1, 2011
My windows 7 system is severely infected and I can't cure it from within itself or safe mode.I was going to do that with ClamAV but as I am running F12 the current version is not supported. Do you know an AV client that you could recommend for that purpose.I don't want to risk upgrading F12 as I don't want to jeopardise my only stable system at the moment.
View 3 Replies
View Related
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies
View Related
Apr 13, 2011
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
View 5 Replies
View Related
Jul 19, 2010
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
View 3 Replies
View Related
Apr 4, 2011
How to change the passphrase for crypted partitions in F14?
View 1 Replies
View Related
Apr 7, 2009
I'm just curious as to what security measure's I should be taking to make my box a little less vulnerable? I'm still experimenting/playing with Linux, use the net, IM, download this and that and was wondering how secure fedora 10 was out of the box?
View 12 Replies
View Related
May 30, 2010
Is it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies
View Related
Oct 10, 2009
If I leave the computer running for a few minutes without doing anything on it, this screen appears demanding that I enter my password, otherwise I can't get back to Fedora. I understand the necessity for this security feature in a work environment, but I'm just a home user and this security screen is just a nagging problem I don't know how to get rid of.
View 1 Replies
View Related
Jul 19, 2011
I just putup the fedora15 on my PC. there are several msg coming up from selinux saying permission denied, though I am not doing any administrative activity. the PC being a workstation for reaserch. how can I know the denial is for an security intrusion attempt. how can I set conditions to see the logs of all security intrusions. how can I set exclusive msg-ing from selinux that the denial is for a security intrusion attempt.
View 5 Replies
View Related
May 20, 2010
Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.
There are a few pages from google with the debians variants, archived by putting dropbear into initrd.
I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?
View 2 Replies
View Related
Aug 10, 2011
I would like to encrypt my swap partition ...During installation, I tried to select the "encrypt partition" choice, but it needed a passphrase.After installation, I tried to encrypt my partition ... I followed this article: The problem is that my swap partition always changes its path ...When I first booted the system, it was /dev/sda10, next it became /dev/sdc10, now it is /dev/sdb10. This is probably the reason why in fstab all entries are according to UUID.However, the swap partition is not fond of UUIDs ! I tried to mkswap /dev/<current swap partition> -L Swap, I received a UUID, puted it in /etc/crypttab ... it worked for the first time ... but the second time... did not.
View 14 Replies
View Related
Jul 18, 2009
Firefox 3.5 has a critical java script vulnerability as noted in the recent news. I had to manually update to 3.5.1 using the mozilla tarball because there's still no Firefox 3.5.1 in Fedora Updates or even Fedora Updates Testing repositories. Is this normal? I didn't want to resort to using the mozilla one because now I can't use flash (my system is 64 bit and mozilla only seems to offer a 32bit tar file of Firefox) and having two Firefoxs means dealing with the ProfileManager, separate bookmarks and so on.
I'm trying to find out if I'm just looking in the wrong place, I tried the normal mirrors for "updates" for Fedora 11 and then updates-testing and also the baseurl for "updates" to get rid of the mirror update delay. None of them seem to have 3.5.1 ?
View 3 Replies
View Related
Aug 3, 2009
Problem that may require several tools available on Fedora. I don't know if its possible or not.
Given: Surveillance video box based on Fedora & Zoneminder. Internet connection is via a private 10.x.x.x network connection to the local phone company/ISP. That's the only connection available and they are the only ISP in the area. The ISP uses NAT to ultimately provide a routeable IP address, but that only works on outbound initiated traffic.
Problem: How can someone out on the Internet hit this box? i.e Is there any way to rig a method that will ultimately allow a connection initiated from the Internet to see the surveillance video that this box has stored via an http session?
I thought of one idea but don't have the tools to implement it. User sends an email to a server out on the Net somewhere. Surveillance box retrieves mail ever minute. The mail contains the users IP address. Surveillance box sends an outbound packet to that IP address to get NAT functional. The users box then uses that address to hit the box on the private network. The snag with this is that NAT is specific to ports, and I have no sway over the ISP's NAT capability.
Is there any way to push an http session outbound to the waiting end user? i.e. initiate a push of http traffic from the private box to the end user?
View 5 Replies
View Related
Nov 24, 2009
Does any one knows how to set an schedule for fire fox to terminate loading some IP. or restricting people to accessing some websites from your system..?I mean to set some restriction option to Fire Fox for third party..
View 4 Replies
View Related
Mar 29, 2010
I get a SELinux relabel often even without changing stuff. SELinux troubleshoot doesn't show any error nor are there any messages in /log/messages that give any clue. Where should I look to see whats happening ?
2.6.31.12-174.2.22.fc12.x86_64
selinux-policy-3.6.32-103.fc12
View 2 Replies
View Related
