Fedora Security :: Xinetd And Bash Scripts - No Need For SSL
Jul 14, 2009
I've recently setup a simple service application using xinetd, which runs a bash script to allow users to check for specific events into a log file. The contents of this logfile is not sensitive, so no need for SSL or password protection. Though, my concern about it is the possibility of a malicious request to cause execution of arbitrary code. I've seen similar bash issues discussed briefly a couple times, but never actually seen any solid point of how much of this is a fact, or myth. I've tested some obvious things, like sending tricky characters into the request, but so far it looks ok. So my question here is, considering the following code below, would be possible for an attacker to exploit it? How safe it is to have this sort of application running as a service?
# /etc/xinetd.conf
Code:
service logfile-search {
server= /home/guest/logfile-search.bash
socket_type= stream
wait= no
instances= 5
per_source= 1
user= guest
nice= 15
log_type= FILE /home/guest/logfile-search.bash.access.log
log_on_success= HOST DURATION EXIT
log_on_failure= HOST
}
# /etc/services
Code:
logfile-search30000/tcp
# /home/guest/logfile-search.bash
Code:
#!/bin/bash
trap "" 2 3 24
echo -n "Enter search string: " ; read -t 120
if [ "$REPLY" ]; then
echo "`date` - $REMOTE_HOST - $REPLY" >>/home/guest/logfile-search.bash.search.log
grep -i "$REPLY" /home/guest/logfile.txt
fi
exit
View 2 Replies
ADVERTISEMENT
Mar 24, 2010
I'm just trying to figure out what is going on with FC12
Here is the error:
[root@localhost bigmac]# rkhunter --check
Invalid XINETD_CONF_PATH configuration option - non-existent pathname specified: /etc/xinetd.conf
View 1 Replies
View Related
Apr 24, 2009
I installed Subversion and xinetd and added Subversion as a service to xinetd.conf as instructed at http://www.codeandcoffee.com/2007/06...rver-on-linux/
I restarted the xinetd service using /sbin/service. however, Subversion does not end up being listed in /etc/xinetd.d nor does it seem to be running and occupying the port altogether.
View 2 Replies
View Related
Mar 3, 2010
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that.
View 10 Replies
View Related
Jul 21, 2009
I've been reading the RUTE Linux book and they recommend the use of xinetd to run services. However, this book is already a bit outdated, and I was wondering whether this still applies to today's circumstances?
View 4 Replies
View Related
Aug 15, 2009
i am working with fedora 9 i need to turn on services such as telnet,ftp,dns,nfs,dhcp etc. but the problem is i dont even find xinetd based service when i am giving this command
Code:
#chkconfig --list|more
nd some command is not working for me as well like
[code]....
View 8 Replies
View Related
Aug 3, 2011
I would like some quick pointers to understanding service-daemon controlling and etc/initd.conf or /etc/xinetd.conf, if you prefer. read, a while back, I should be using...
[bash]# service "srv-dmon" start/stop/status/restart/reload/etc
and to stop using...
[bash]# /etc/init.d/"srv-dmon" start/stop/status/restart/panic/save/etc
[code]....
View 2 Replies
View Related
Mar 12, 2010
I am new to Linux i am installing cvs in it.
I am facing the below problem:sudo /etc/init.d/xinetd reload sudo: /etc/init.d/xinetd: command not found. /etc/init.d/xinetd restart /etc/init.d/xinetd stop.
View 5 Replies
View Related
Jan 26, 2011
I am trying to configure SNMP server using xinetd on red hat. I am using non-standard port for it. My connection to server fails. I see the following log messages in /var/log:
Jan 26 17:23:31 [userid] xinetd[15023]: START: my-snmp pid=15047 from=192.128.11.21
Jan 26 17:23:31 [userid] xinetd[15023]: EXIT: my-snmp status=1 pid=15047 duration=0(sec)
Jan 26 17:23:32 [userid] xinetd[15023]: START: my-snmp pid=15050 from=192.128.11.21
Jan 26 17:23:32 [userid] xinetd[15023]: EXIT: my-snmp status=1 pid=15050 duration=0(sec)
can anybody help to point out what is wrong in my config?
[Code]...
View 1 Replies
View Related
Aug 21, 2010
I recently installed Fedora 13 on VMware 7 environment without X window. sshd did work fine, but when I tried to put it into xinetd, it doesn't work any more. Here is what I have done so far :
I stopped sshd. #service sshd stop
and I configured xinetd.conf like below.
Quote:
#
# This is the master xinetd configuration file. Settings in the
# default section will be inherited by all service configurations
# unless explicitly overridden in the service configuration. See
# xinetd.conf in the man pages for a more detailed explanation of
# these attributes.
[Code]....
I don't know what I did wrong with them. I configured xinetd.conf, and I made service configuration file 'ssh' in /etc/xinetd.d, and I restarted xinetd.
What am I supposed to do to make a life on my sshd within xinetd ?
View 1 Replies
View Related
Feb 23, 2011
I have setup a vnc server using the "every imagineable server" thread which setups up VPN using xinetd. I have also installed Beesu and its associated scripts so I can easily open root privileged nautilus windows.
beesu works a treat on the actual display. However whilst vnc'd into the box I get prompted for my root password (which it accepts) but a nautilus window never opens. No errors, it just doesn't open.
View 6 Replies
View Related
Nov 9, 2010
Unable to start tftpd service after starting xinetd
View 9 Replies
View Related
Jul 18, 2010
I have a while loop in a file that looks like:
Code:
while IFS=":" read name script
do
su
exit
[code]....
Where I redirect the file into the loop, for some reason, I can't do an su when I redirect a file like that. I get the error, "su: must be run from a terminal." Why is this? How can I fix it?
View 7 Replies
View Related
Nov 20, 2010
I have two cryptsetup volumes with the same password that I want to open in a bash script, and I want to avoid writing the passphrase twice. I was thinking of using read -s. Is there any security problems with this?The other alternative would be to have a password file on a small partition encrypted with a passphrase. Then only give the passphrase and let the script open up all encrypted volumes using the password file. However this seems overly complicated. But is it more secure?
View 3 Replies
View Related
Aug 24, 2010
I have some bash and python scripts. Is there any way to encrypt them but still be able to execute them encrypted?
View 7 Replies
View Related
Feb 9, 2010
how to write secure code for bash scripts in general? Strangely I didn't found anything in google and in the forum so far. If someone here is willing to review a bash script for me (about 600 lines).
View 6 Replies
View Related
Apr 28, 2009
If i run /usr/bin/foo through xinetd and have /etc/xinetd.d/foo conf file something like:
1 service foo
2 {
3 port = 3691
4 socket_type = stream
5 protocol = tcp
6 wait = no
7 user = www-data
8 server = /usr/bin/foo
9 server_args = -x
10 }
Is /usr/bin/foo supposed to be listed in the list of all processes on that machine (ps aux)? i added the conf file, bouced xinetd daemon via /sbin/service, yet foo does not seem to be running. the xinetd doc online seems pretty incomplete.
View 10 Replies
View Related
Apr 15, 2011
I'm trying to restrict ssh connection using xinetd , so my xinetd configuration files are :
/etc/xinetd.conf
Code:
defaults
{
[code]...
View 3 Replies
View Related
Jul 8, 2009
I am really not very experienced with linux and have only just started working off the command line in windows as well.
I know the basics but I am trying to install R-1 and I was having a lot of difficulties and figured out that it was that xinetd was not running.
So I tried to run it service xinetd start and it said unecognized service so then I installed xinetd and there was already a xinetd.d directory with all of the processes i needed with the .conf file but so when i run xinetd -d
Code:
My xinetd.conf file looks like this:
Code:
# All service files are stored in the /etc/xinetd.d directory
#
includedir /etc/xinetd.d
# End /etc/xinetd
EOF
This is what one of the files in xinetd.d looks like
Code:
I need to get xinetd running so that i can finish installing R-1.
View 6 Replies
View Related
Oct 22, 2009
http://www.pastebin.org/47041. pixelserv is a http-daemon which returns a pixel for every http-request. It was originally written in perl [url], but this is a tad too heavy for a small linux device like a DD-WRT router [url].
I was able to compile it and it runs fine standalone, but I want to run it under xinetd using this configuration-file.
Code:
When I do a "wget [url]" from the console of that router it will fail with this in /var/log/messages
Code:
It seems it's incompatible with xinetd, but I lack the knowledge and experience to modify this. A whole community will be grateful if someone is able to make this runable under xinetd.
View 14 Replies
View Related
Apr 1, 2011
I have an Ubuntu 10.04 machine at home and apache setup on it (files are located in a Truecrypt volume). The reason for the web server being that I wanted to access my files wherever I'm at (i.e. hotel, work, hotspots, etc...). So far, it's worked out great for me seeing as a I can http download my files (or stream media files). However, I am often on a public hotspot and I know it's a matter of time before someone finds the webserver on my computer. I have the machine firewalled and password protected (via .htaccess), but either way I don't want people looking in on my computer.
The problem: I have used Truecrypt for a long time and completely trust using the program to encrypt/unencrypt a volume container to store my files. Usually, I would remote desktop into my computer and mount/unmount the volume when I needed it. However, after time it get's really annoying to do this. So I eventually figured out how to setup a bash script to automatically do this for me (which I put on the usb part of my phone). What I wanted to do was to be able send the bash script to my Ubuntu machine (via ftp from my phone) and have Ubuntu automatically run the script. Is this possible? What programs do I need on Ubuntu?
I was thinking about using something like cron, but that is for scheduled times. I don't really have a set time in which I need my files, it's pretty sporadic depending on how much I travel. Thus the need for being able to remotely mount the volume when I need it.
Summary: I need a way for Ubuntu to read a folder every minute or so to check for bash scripts to run. I want to be able to send the bash script via ftp from my phone, have Ubuntu run the script, then delete itself (so as to not store the password). I already know the script in which to mount the Truecrypt volume and how to send the file via ftp from my phone. It's really a matter of what program to use in Ubuntu to find and run the script.
View 8 Replies
View Related
Jun 26, 2011
I have a small stats program that I am using to get some sys stats. I am trying to launch this program on a particular port, using the xinetd system deamon. Here is what I am doing ...
[Code]///
View 1 Replies
View Related
Dec 18, 2010
I have simpe question about xinetd what happen to my system if i remove xinetd.conf what can i do to dont allow anyone delete xinetd.conf.
View 2 Replies
View Related
May 21, 2010
I've already installed centos 5.5 and checked the xinetd services using the command : service xinetd status and the reply is xinetd: unrecognized service.
View 3 Replies
View Related
Jun 1, 2011
i got another question, can i use YUM to install e.g. xinetd on a RHEL 4? or does RHEL4 have another command like YUM?
Code:
$ yum install xinetd
-bash: yum: command not found
View 2 Replies
View Related
Jan 6, 2011
How to configure xinetd for logging , so that it can log all incoming connections by IP address , TCP port and name of service ?
View 1 Replies
View Related
Mar 13, 2010
I want to jail Skype into its own process and not the one I login with. That way, if a hacker breaks in, it's limited to this process and only the limited functionality that that user account has. The thing is this -- thousands of Linux guys run Skype, but Skype is hardly ever updated or have security patches, and we run it all the time. It seems like an easy avenue for an exploit. As well, my iptables firew all blocks input connections that I have not established, but Skype is an established connection. How do I create a Bash script that launches Skype under a separate user account?
View 3 Replies
View Related
Jan 30, 2011
I am trying to run svnserve on startup on an Ubuntu Server 10.04 machine using xinetd
My repositories are at /home/svn, so the directory should be the same as in the example. Following the example, the owner should be www-data, I assume. (Is that right?) I've also tried the admin user account as as the svnowner (the one used to set the svnserver up).
I've never done any shell scripting, so I tried xinetd instead of using the startup script. But if I don't get any feedback for using xinetd that will be my next course of option.
For reference, the link above suggests adding
Code:
svn stream tcp nowait svnowner /usr/bin/svnserve svnserve -i -r /home/svn
to the /etc/inetd.conf file, replacing svnowner and /home/svn to the appropriate values (although I'm not 100% sure what those should be). I assume since I did a chown on the repo to www-data that www-data is the owner I need to put in that line, but it doesn't work.
It's just annoying to have to ssh in and type
Code:
svnserve -d --foreground -r /home/svn
every time I reboot.
View 4 Replies
View Related
Feb 10, 2010
I want to look into disabling things like chargen, chargen-udp, daytime, daytime-udp, echo etc...I have found a manual at:which points me towards the xinetd.conf file. I cant seem to find it, im using ubuntu 8.10 LTS. Should I be looking else where?
View 2 Replies
View Related
Nov 26, 2010
in Debian Lenny, using TightVNC 1.3.9 I can setup a VNC server manually by using
Code:
vncserver -query localhost -once -geometry 1024x768 -depth 16 :1
But then, as I have read is a better option, I use xinetd with the following configuration:
Code:
service vnc-1024x768x16
{
protocol = tcp
socket_type = stream
wait = no
[Code].....
In fact, I was considering that the problem was with xinetd, but I have other services setted up with it (telnet & ftp for example) and I can use them correctly.
So now I'm lost with this, what else am I not considering with VNC service through xinetd? Where can I find logs or useful information to get a clue about this problems?
View 11 Replies
View Related
