Fedora Security :: Can't Add Any Module
Aug 18, 2009I'm trying to add simple policy to system - Fedora 11 x86_64 updated.Where is my error? I can't add any module.
View 14 Replies
ADVERTISEMENT
Fedora Security :: X Server Restrict Via Xselinux Module
Apr 24, 2011Module xselinux appeared in new versions of XServer theoretically allows to use SELinux in order to improve security. First of all I'm interested in examples of the use of this module (configuration files and what functions it perform). Also interesting to know whether some user's actions with XServer can be restricted via xselinux module (e.g. screenshot prohibition).
View 11 Replies View RelatedSecurity :: Iptables 1.4.1 Mac Module Doesn't Work (error Message) - Fedora Core 8
Nov 25, 2010I use iptables firewall (v1.4.1) installed on FC8. I'm trying to limit the inflow traffic for the port 1723 to certain MAC addresses. To experiment with the mac option, I've written the following iptables rule:
Quote:
iptables -A INPUT -m -mac --mac-source 10:08:08:08:08:10 -j ACCEPT
It didn't work. It gave me this error message:
Quote:
iptables v1.4.1: Couldn't load match `-mac':/usr/local/libexec/xtables/libipt_-mac.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information. Does that mean the mac module wasn't installed/enabled?
Security :: IPTABLES Rules Using Ipt_mac Module?
Feb 20, 2010I've configured squid proxy server in a P4 desktop. I've 50 users in my network. I installed RHEL 4.4 (2.6.9-42 kernel) and the iptables version is 1.2.11-3.1. I've 2 NICs installed in the system. eth0 (192.168.100.99) for local lan and eth1 (192.168.1.2) for outgoing to internet. I've connected DSL broadband modem to eth1 (default ip of DSL modem is 192.168.1.1). All the clients except few has been forced to go through squid by user authentication to access internet. Those clients which were kept away from proxy are 192.168.100.253, 192.168.100.97, 192.168.100.95 and 192.168.100.165. Everything works fine but from last week I observed that one of some notorious user use the direct IPs (192.168.100.97 or 192.168.100.95) in the absense of the owner of these IPs to gain access to internet as we applied download/upload restrictions in squid.
I want to filter the packets of source hosts using MAC address in PREROUTING chain. I read somewhere that IPT_MAC module must be installed to make this happen. So that those notorious users can not change their ips to gain direct access to internet.
Below are the contents of my iptables file (I've ommited few entries for safty purpose).
# Generated by iptables-save v1.2.11 on Wed Nov 25 16:35:57 2009
*filter
:INPUT ACCEPT [14274:3846787]
:FORWARD ACCEPT [4460:1241297]
:OUTPUT ACCEPT [16825:4872475]
code....
Security :: SELinux Module To Allow Snmpd To Write To /tmp?
Aug 11, 2010I am using the "extend" function of snmpd to run a script in order to extend a monitoring platform. This script being ran by snmpd needs to write to a file in /tmp for later parsing, but SELinux is stopping it from writing to the file under /tmp. The following two lines from my audit.log file show what is happening:
Code:
type=AVC msg=audit(1281516573.123:18422): avc: denied { write } for pid=6933 comm="test2.sh" name="tmp" dev=dm-0 ino=1474561 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
[Code]..
Ubuntu Security :: Iptables Limit Module Not Working?
May 14, 2011I'm trying to limit the number of the ICMP packets reaching my server, so I'm using the limit module of iptables, unfortunately it seems the limit I set is totally ignored as I can easily send tens of ICMP packets and get a reply in less than 0.3 second Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x 20 packets transmitted, 20 received, 0% packet loss, time 230ms
rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms This is the rule I'm using to accept ICMP packets (default setting is DROP)
Code:
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT
And these are the kernel modules related to iptables
Code:
Module Size Used by
xt_limit 1382 0
[Code]...
Ubuntu Security :: PAM-script Module Doesn't Work Properly?
Feb 7, 2010So I installed pam-script
made this script:
Code:
#!/bin/bash
RFID_AUTH_SUCCESS=0
#Read the card
tag=`'/etc/rfid/RFID-login'`
code....
Code:
sudo test
It doesn't ask for my password and instantly authenticates as root!
if I run the above posted script manually, (cd into the dir and execute it), it works fine and produces the result 1 if positive and 0 if negative.
Security :: Module - Copy ELF Or BIN Files From The Filesystem - Get Permission Denied
Mar 17, 2010Whenever i copy ELF or BIN files from the filesystem of linux i must get permission denied. For this case i have gone through the linux security module but didn't get much help regarding the permission denied only in case of copy of ELF and BIN files from filesystem. how can i proceed in this. WORK DONE:
1. Downloaded linux-2.6.25.14
WORK NEEDS TO BE DONE:
1. compile the kernel with some modifications in linux security module to get the desired results but this time i am unaware of that.
Security :: PAM Module - Allow A User To Connect To A Server Via SSH With Any Login Name Or Password
May 5, 2010My goal is this: Allow a user to connect to a server via SSH with any login name or password without checking to see if that account exists on that server. Their account would be captured by a universal account say, 'generic_user', and then they would be directed to one of my python scripts with the username and password they supplied for initial login. At this point my script would capture their SSHD process ID and allow/deny their existence based upon a MySQL/Subscription check.
The part I'm having trouble with is with PAM and allowing the user to login with any credentials and be successfully authenticated under the generic account. Beyond that, everything is great.
Security :: PAM (system-auth) Illegal Module Type: Ccount?
Mar 8, 2011internal system mail revealed an error. Part of the mail is the below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it.
it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond
here is my system-auth file on the affected server:
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....
Security :: Warning: PHP Startup: Suhosin: Unable To Initialize Module
Oct 6, 2009Trying to install the Suhosin module with the php 5.2.9 c5-testing repo...it won't run with the php 5.2.9 testing build (there isn't an updated suhosin package against the 5.2.9 build)
PHP Warning: PHP Startup: suhosin: Unable to initialize module
Module compiled with module API=20050922, debug=0, thread-safety=0
PHP compiled with module API=20060613, debug=0, thread-safety=0
What's the best way to handle this from an admin best practices standpoint? I want to do everything possible to keep the suhosin module tracked by yum for future updating etc. Is it best to try to find a suhosin rpm that is built for 5.2.9 and install it with yum localinstall? If not, if I build the module myself, what's the best path to keeping yum/rpm in the loop on this install for future updating via yum?
Fedora :: Gtk Message - Failed To Load Module "'pk-gtk-module"
Aug 17, 2011When opening gedit as a user I get the following message
Gkt-message: Failed to load module "'pk-gtk-module"
If I try to open gedit as root I get the same message but with other messages. These are shown in the attached file. gtk.txt
This is on an upgraded machine using the preupgrade method. The same has happened on two machines upgraded from F14 to F15 the same way. 64 bit systems.
How to clean this up so the messages do no appear?
Red Hat / Fedora :: Adding Ntfs Module - FATAL: Module Ntfs Is Not Found
Jun 8, 2011I am using Redhat linux 5 version 2.6.18-164.e15 with platform i686. I need to add ntfs module. I execute following command
#modprobe ntfs
but it say FATAL: Module ntfs is not found.
Security :: Track IPsec Module's Operations / Find Such A Log File - Entries In System?
Feb 25, 2009How can I track IPsec module's operations? Can I find such a log file or entries in Linux?
View 1 Replies View RelatedSecurity :: Netfilter Hook - Kernel Module - Skb_transport_header - Tcphdr Fields Wrong Values
Apr 1, 2010We are trying to implement a firewall as kernel module through netfilter hooking (in C). In the following code we are allowing only TCP traffic. Source port number and destination port number are printed for every TCP packet. On execution, this code prints wrong port numbers. This is the first time we are using skb_transport_header function for accessing tcp headers.
We verified port numbers being printed by firewall through NFS traffic. On the same machine where firewall is running, we hosted an NFS server. An NFS client (from a different system) puts a file in exported mount. Firewall is able to capture packets for this file transfer but port numbers printed are wrong. It prints '69' for source portnumber (whereas ethereal capture shows it as 790) and prints '553231' for destination port (whereas for nfs version 4 it has to be 2049).
[Code]....
Security :: Iptables State Module - Configuration Error / Not Enable Incoming Packets From Connections Initiated From Inside?
Mar 30, 2011I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things.This is my iptables -L -n :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidently lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
Fedora :: Error "Failed To Load Module "nvidia" (module-specific Error,0) No Drivers Available
May 1, 2011I've been unable to boot into x using the real-time kernel from CCRMA at home. I get the error "Failed to load module "nvidia" (module-specific error,0) no drivers available. I'm using the driver from Nvidia. I know that this is not an official Fedora kernel and I should be bothering CCRMA about this, but in the mean time could I edit the entry in grub.conf so that it will use the Nouveau driver for that kernel only? That way I could "dual-boot", and just use the rt kernel when I want to use audio software and don't need 3d graphics.
View 5 Replies View RelatedSecurity :: Deprecated Pam_stack Module Called From Service "su-l"
Nov 17, 2010I get the following message in /var/log/secure: Nov 15 09:27:21 su: Deprecated pam_stack module called from service "su-l"
I have done some research and it seems I need to get rid of pam_stack.so in /etc/pam.d/su but I can't find out what to use in its place.
Below is a copy of my /etc/pam.d/su file:
Code:
From what I understand, I need to replace the line "auth required pam_stack.so service=system-auth" with "auth include system-auth"
My problem is how do I then go about limiting access to su based on group membership without pam_stack.so?
Hardware :: Partport Module Is Seeing Parallel Port But Lp Module Doesn't Found Any Device
Mar 3, 2011I am trying to install a Sunix 4018T dual parallel port card on a pc with Mandriva Linux 2010.1: Dealer told me that linux has driver for this card already so I inserted it and turned on my pc. Unfortunately when I try to install my Okidata ML320, cups it's not showing any parallel ports. I try to update all the system with last patches and packages :I tested the card on a pc with windows xp, installed my printer and it works perfectly.
View 3 Replies View RelatedNetworking :: Rtl8187 Driver Module Load Error (Invalid Module Format)?
Jun 1, 2009When I try to load the Realtek 8187 modules to kernel using the ./wlan1up command, I get the following error:
[root@localhost rtl8187_linux_26.1025.0328.2007]# ./wlan1up
insmod: error inserting 'ieee80211_crypt-rtl.ko': -1 File exists
[code]...
Can someone tell me how to correct the "Invalid module format"? I hope that correcting the "Invalid module format" error, I will not have the "Unknown symbol in module" error.
Note: I am using wlan1 for this module as I previously am online with the wlan0 network.The same error occurs if I use ./wlan0up.
Ubuntu Servers :: Enable The Rewrite Module In Apache To Enabled The Module?
Jan 28, 2010I'm trying to enable the rewrite module in apache, to enabled the module I followed the last entry in the fist page this thread:[URL]...When I restart the apache all works fine, so I supose it's enabled
Now I create .htaccess in my apache folder (/home/user/apache), and I write this:
Code:
RewriteEngine On
RewriteRule ^link([^/]*).html$ test.php?link=$1 [L]
And I try to execute this: ./.htaccess, I have this mistakes:
Code:
./.htaccess: 1: RewriteEngine: not found
./.htaccess: 2: Syntax error: "(" unexpected
What are I doing wrong?
Ubuntu :: Error While Hash Checking Of Torrent - The Sha Module Is Deprecated - Use The Hashlib Module Instead From Sha Import Sha
Jun 8, 2010Code:
nits@nits-desktop:/mnt/Storage/Tors/Incomp$ btdownloadcurses --check_hashes 1 filename.torrent
/usr/lib/python2.6/dist-packages/BitTorrent/Storage.py:4: DeprecationWarning: the sha module is deprecated; use the hashlib module instead from sha import sha
These errors occurred during execution:
[09:37:48] IOError - [Errno 5] Input/output error
Got this error when I tried hash checking, was downloading the file using rtorrent when there was a sudden powercut and my system shutdown abruptly, tried restarting the torrent and kept encountering problems while restarting.
General :: Adding A New Kernel Module To Wireless Driver Module?
Apr 22, 2010I want to add some code in existing linux2.6.33.2 to enhance kernelI want to know how to start and where to add code.
View 2 Replies View RelatedGeneral :: Install Module U32 Into The Netfilter Module For Kernel 2.6.27
Jan 30, 2011I need to install module u32 into the netfilter module for kernel 2.6.27.
I did not see the source code in the kernel version I have. where can I find the code for U32 module.
I have checked "netfilter.org" and looks like POM is discontinued. Is the u32 module committed to kernel version 2.6.27 or need to patch it. If yes, where can I find the patch?
I building the kernel for a MIPS processor.
OpenSUSE :: "canberra-gtk-module" Error Failed To Load Module "canberra-gtk-module"
Jan 28, 2010OK Trying a fresh install of bnome openSuse, and I have certainly screwwed something up again and hope I don't have to reinstall again., arghhhh! Tomboy won't open, even after reinstallation, and below is the error, but first, as well I can't open my .odt file with openoffice writer!
now the error... #tomboy Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No such file or directory Gtk-Message: Failed to load module "gnomebreakpad": libgnomebreakpad.so: cannot open shared object file: No such file or directory ...and lots more
Programming :: Load Fortran Module For Matio Libraries Using Gfortran - Can't Open Module File 'matio.mod' For Reading
Jun 27, 2010I am interested in using fortran and an external library called matio used to save arrays to matlab .mat files. I have installed the matio and matio-dev packages from synaptics but i cannot compile a code receiving an error Code: christos@christos-laptop:~/Desktop$ gfortran -o test test.f90 -lmatio -lz test.f90:2.13: USE MATIO 1
Fatal Error: Can't open module file 'matio.mod' for reading at (1): No such file or directory How can i load a module in order to use it in fortran through the GCC compiler?
General :: Failed To Load "canberra-gtk-module": Libcanberra-gtk-module No Such File Or Directory
Mar 25, 2011i installed firefox 4 and removed the old 3.X version. did a general update that my computer showed me was available then i noticed the first problem. firefox 4 would not launch when i clicked it, it would only launch when i clicked the gnome 3 applications button and then clicked and dragged the firefox logo to the desktop, then it opened. the second problem i am now having which at the moment is more bothersome is that after i closed the lid to my laptop and opened it up again after a while and logged back in and noticed that the ENTIRE gnome 3 environment was gone. no panel no menu nothing just the desktop and a few desktop icons. i tried the command "yum install gnome-shell" but it just sed that gnome 2.31.5-7 .fc14.i686 was already installed so it wasnt gonna do anything, then i tried the "gnome-shell --replace" command and it just said
failed to load "canberra-gtk-module": libcanberra-gtk-module no such file or directory.
OpenSUSE Install :: Failed To Load Module "fglrx" (module Does Not Exist, 0)
May 8, 2011I've installed openSuse 11.4 server-mode (text only) on my desktop, and I'm trying to configure IceWM so i'll eventually have it set up so it always boots into text only mode, but I could be able to quickly start icewm via the command line.using Yast, I installed the Xorg server, and icewm.when I type X, the screen goes black and it just doesn't seem to do anythingI found if I hit ctrl+alt+f1 it kinda puts me back into text only mode, but I can't put in commands anymore. The last thing it says on the screen is:
Failed to load module "fglrx" (module does not exist, 0)
I've goggled that error message and the discussions that popped up around it made no sense to me at all. I've never configured X from scratch before, can someone point me towards a tutorial or something?
Fedora Security :: Script To Add Security Spin Tools To Normal Installation
May 22, 2011love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies View RelatedFedora Security :: Wierd SeLinux Security Alerts \ Got:Code:Summary: System May Be Seriously Compromised?
Apr 13, 2011this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....