Fedora Security :: File Access Honeypot For Server?
Mar 24, 2011
I'm trying to find a file access honeypot for our Fedora server. That is, if a local file is accessed, it should notify someone. Plain and simple.
I have implemented two machines: one for the honeypot (192.168.100.10) and another (192.168.100.20) to remotely log the honeypot log file using syslog. Inside the honeypot I emulated another 3 machines with services on virtual IPs of that same block. Now the honeypot is working and I can see the logs being generated as I did a port scan (nmap) on those virtual IPs from the .20 machine. All of the machines are running Ubuntu.
But does anyone know any s/w or tools which attackers actually use, so that I can get a clear picture of what happens from the logs? I am having problems creating these attack scenarios.
I have snipped part of the log I captured on my honeypot and need a recommendation on what is going on. The infected computer is located at address ${ADDRESS}. A quick check of my low-interaction honeypot (based on nepenthes) gives the following data. I know it's a worm, but what is going on? Thanks in advance.
linux-sqos:/opt/nepenthes/var/log # cat nepenthes.log
<snip>
[18032007 02:26:03 info module] 76 4
[18032007 02:26:03 info module] SMB Session Request 76
H CKFDENECFDEFFCFGEFFCCACACACACACA
code....
At our company we have a central server with client files. This server has an SSH server installed, and through Nautilus all employees can access the files. However, I have a few questions:
1. Most employees need access to all folders, because they might use them at some point in time. However, I want to make sure they are not accessing things they do not need. How can I do this? For instance, if somebody copies all of the folders to his/her computer, I want to be able to see this in some sort of log. Can this be done? Copying and accessing in general are what concern me.
2. Some employees only need access to specific folders. Can this be easily configured with SFTP?
3. Some also use SSH and type commands which I want to check every now and then (e.g. to make sure an intern is not again copying information or accessing folders they should not be in). What is a good way to do this?
Just out of curiosity I am working with a honeypot and found there are two ways for arpd to route unused IPs to the honeypot: blackhole and ARP spoofing. Now, to test, I am ARP spoofing 5 machines from 192.168.100.41 to .45, and the honeypot is monitoring this range too. But I have set up a real machine with a web server within this range and gave it IP address 192.168.100.45. Now logically, as both arpd and the honeypot are monitoring this range, they capture this request, as below from the log:
Code:
arpd[1690]: arpd_lookup: no entry for 192.168.100.45
arpd[1690]: arpd_send: who-has 192.168.100.45 tell 192.168.100.10
arpd[1690]: arpd_send: who-has 192.168.100.45 tell 192.168.100.10
arpd[1690]: arp reply 192.168.100.45 is-at 08:00:27:00:76:e5
arpd[1690]: arp reply 192.168.100.45 is-at 08:00:27:00:76:e5
code....
Now arpd is redirecting the traffic to the honeypot machine, as there is a real system with a real MAC address. But from 192.168.200.10 I can also view the webpage of the 192.168.100.45 machine, though most of the time it says "Connection Timed out".
Should it be acting like this, or shouldn't it be showing me the webpage at all?
I am new to Linux and know some basics, but have no proper knowledge of servers. I want to know how I can access my company's "fileserver" from Linux (GUI as well as from the command line). I can access this file server easily from a Windows machine, but I don't know how to open/access the file server from a Linux machine. Can you tell me what tools are needed and what the process is from the command line? The file server is a Windows server and my machine is Red Hat Linux.
I installed it 2 weeks ago. How do I access the Windows sharing from the Fedora box? My Windows network is on AD that runs on a Win 2003 Server. I can ping the server, but how do I access the sharing? I had a look at the forum and some of it is very technical.
I am setting up a new Ubuntu server, and I am quite new to Linux. This server will be used as a code repository for a project I am going to be working on. I plan to set up 3 groups for users: dev, test, doc, for various developers, testers and documentation users.
I would like to setup the following permissions on the main code repository directory:
dev - write permission
test - execute permission
doc - read permission
public (anyone outside these groups) - deny all access
I am unsure what chmod setting to use, or if this is even possible in Ubuntu.
I would like to know if it is possible to deny access to a file for root? Would ACLs be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I need to secure a password file for an important database.
Is it possible to change the root directory for a single, particular program? For example, I have an executable, 'miscreant.bin', that has all of its required libraries in a directory named "libraries", in the same directory as the said executable. I can launch the program and make it use the libraries included with the executable rather than the system's with:
Code:
/lib/ld-linux.so.2 --library-path ~/miscreant/libraries ~/miscreant/miscreant.bin
...or...
Code:
env LD_LIBRARY_PATH=~/miscreant/libraries ~/miscreant/miscreant.bin
With either, miscreant can be portable. But, I would also like to change the root directory (like chroot) of miscreant, so that the directory "~/miscreant/sandbox" becomes the root ("/"). So, if miscreant created a file named "/home/bryan/miscreant", it will be redirected to "~/miscreant/sandbox/home/bryan/miscreant". I am running Crunchbang 10 (Statler) on a 32-bit Atom netbook.
When I replace a drive in a RAID 1 and then resync it, why does the file access date (of all the files) on the drive from which I am syncing not change? Shouldn't the file access date always change when I copy a file? Are there ways to get around this?
Is anyone aware of a detailed "flow chart" (arrows and decision diamonds, etc.) that describes the file access and permissions processing? I would love to see that diagram. Years ago on a platform far away (Digital VAX/VMS) their manuals had such a flow chart that covered not only the user-group-owner and read-write-execute permissions decision making but also included "access control list" processing at a superficial level. If someone has access to the VAX/VMS flow chart, that might be a start toward sorting out what Linux does.
When creating 10 Samba users I also created Linux users. I do not want these Samba users to be able to use PuTTY, WinSCP etc. to access the server.
Do you know how I can restrict SSH access to specific users?
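As an added example (not from the poster or any reply on this page), one way to restrict SSH logins to an explicit set of users is the AllowGroups directive in sshd_config; the group name sshusers and the path are assumptions, and the Samba-only accounts are simply never added to that group:

```
# /etc/ssh/sshd_config (added example; "sshusers" is an assumed group name)
# Only members of the sshusers group may authenticate to sshd.
# This also covers scp/sftp clients such as WinSCP, since they ride on
# the same sshd; everyone else gets "Permission denied" before a shell.
AllowGroups sshusers
```

After editing, check the file with `sshd -t` and reload the sshd service. Because the check happens in sshd itself, the Samba users keep their Linux accounts (which Samba needs) but cannot open an SSH or SFTP session.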
I'm new to UNIX and trying to access the server using SSH, but I encounter this error: PAM Authentication Error. I edited /etc/ssh/sshd_login and set PermitRootLogin to yes, but it didn't work. I used the command ps -ef | grep sshd and it says "Process environment requires procfs(5)". I don't know what to do now. What I want is to access it by SSH, but I get Access Denied. [MOD]Pruned from [URL]. Create your own thread instead of resurrecting a five-year-old one.[/MOD]
This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks are getting more and more common, like putting in a USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
On the following link [URL], section 2 says:
Quote:
The following directories need to be readable, writeable and executable for everyone:
* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/
[Code].....
I am not at all convinced by the idea of giving read, write and execute permissions as these Learning Management Systems say. Let me know what you people have to say. What is the best practice in such situations? I have to get all these LMS running on the same web server.
We want to set up a Linux server (hosting Git or later SVN repositories) which should have all stored data strongly encrypted, so that if one steals the server the data cannot be read. For example, our notebooks have all important data stored on a "true-crypted" partition.
We plan to access it with SSH private keys and only after successful login should the data be readable. The server would be located in our office, shut down at night and not be connected to the Internet directly, but only accessible in our intranet.
I was looking for a way to protect my Samba server by limiting access to certain domains. Can I use the parameter `hosts allow = example.com` or something like that, or is there another way to do the job for domains?
I have been trying to use my DS2490 USB to serial device with a Maxim DG1921G thermocron with owfs. It is supposed to give me access to a virtual file system for the thermocron without needing to launch owfs as root.
/var/log/messages gives:
Code:
Feb 8 16:22:45 norman-HP-G56-Notebook-PC kernel: [ 236.140141] usb 5-1: new full speed USB device using ohci_hcd and address 2[code]....
but if the ds2490 module is loaded it works when run with sudo. It seems from this that it is a lack of permissions to USB, but I have tried all the methods at http://owfs.org/index.php?page=udev etc. to overcome this, and a few others, but none work. I am running Ubuntu 10.10, kernel 2.6.35-22-generic #33-Ubuntu SMP.
I have a CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files via a vsftpd server from a DomU FTP client. I successfully log in as root and as a simple user, but when I try to list (or cd to some directory) in the user's home, SELinux prevents it. I get this in audit.log:
[Code]....
I installed an Apache server with Debian 5.0.2 Lenny. I am trying to write a script which would analyse web log files. I found the log files in /var/log/apache2. There is an access log file, `access.log`. My question is: what configuration file determines the location and the name of the access log file, and how can I change them? I used CustomLog in /etc/apache2/apache2.conf like below.
Code:
LogFormat ": %h %l %u %t "%r" %>s %b" common
CustomLog /home/test/my_log_file common
Apache2 generated /home/test/my_log_file, but no logs were written to the file even after I ran `/etc/init.d/apache2 restart`. I changed the log file location. It still didn't work. However, Apache2 still wrote logs to the file `/var/log/apache2/access.log`.
I want to access files on my ubuntu server wireless. Is there a way I can do that? I'm sorry if this is a stupid question, but I'm kind of new at this whole server thing.
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it, for various reasons I won't get into here. Here's the output from iptables -vnL
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
I have no idea what I am doing operating a server. Our programmer got a new job and I am the one who has to take it over. Everything was fine until yesterday. You see, I made a control panel to more easily update the site www(dot)discoverysound(dot)com
but yesterday when I went to update the site I got an error called fopen. I thought I fixed it (and boy did I ever) but now I cannot get to my site because it says Forbidden You don't have permission to access / on this server. Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7a DAV/2 PHP/4.3.3RC4-dev Server at www(dot)discoverysound(dot)comPort 80.
I use PuTTY and plink through SSH to support some process on my VD server (Fedora 7) at GoDaddy. When logging in with plink frequently (once per 10 seconds for just a few minutes a day), the server blocks my access everywhere (SFTP, HTTP, control panel) for about 10 minutes and then resumes. Customer Support told me they do not have any blocker, but I see that my IP is blocked for these 10 minutes; meanwhile I can access everything there from another address.
How can I display the IP addresses that have accessed my Fedora machine via SSH? In particular I want to know if they logged in and what they may have done while logged in.
I have 2 users, carol and carol2, and 2 files in /: filea and fileb. I want carol to have access only to filea and carol2 only to fileb. I need to do this with MLS (range). I don't want to do this with levels, because the user that is higher has access to both files. How can I do that?
I recently set up a web server at home, using a non-standard port due to my ISP blocking 80. I just checked my log files, and I see a TON of entries indicating that a file was not found: "proxy-1.php", "proxyheader.php", etc. I do not have these files, nor do I intend to have them as part of my website. I did a whois lookup by IP address for several of these, and they all seem to come from an ISP in China. Is there a way to BLOCK any IP address outside the US (that is somewhat simple to do)?
I have installed Bind 9 on a new Fedora machine:
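The two Apache questions above (the one about the `common` LogFormat / CustomLog and the one about a flood of 404s for proxy-1.php and friends) both come down to reading the access log. Here is an added example, not from any poster on this page, of a small parser for Apache's `common` format that groups the not-found requests by client IP and flags hosts that probe several missing paths. The log lines are constructed for the example (documentation-range addresses), and the threshold of 3 distinct 404 paths is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict

# Apache "common" LogFormat: %h %l %u %t "%r" %>s %b
COMMON_LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Constructed sample log (not real traffic); the last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2011:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.23 - - [10/Mar/2011:12:00:05 +0000] "GET /proxy-1.php HTTP/1.0" 404 312
198.51.100.23 - - [10/Mar/2011:12:00:06 +0000] "GET /proxyheader.php HTTP/1.0" 404 312
198.51.100.23 - - [10/Mar/2011:12:00:07 +0000] "GET /proxy.php HTTP/1.0" 404 312
203.0.113.7 - - [10/Mar/2011:12:00:09 +0000] "GET /about.html HTTP/1.1" 200 2210
203.0.113.7 - - [10/Mar/2011:12:00:10 +0000] "GET /missing.png HTTP/1.1" 404 312
this line is not in common log format
"""


def parse_line(line):
    """Parse one common-format line into a dict, or return None if it does not match."""
    m = COMMON_LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    # "%r" is "METHOD PATH PROTOCOL"; a bad request may have fewer parts.
    parts = rec["request"].split(" ")
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    return rec


def parse_log(text):
    """Parse a whole log; return (records, number_of_unparseable_lines)."""
    records, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            bad += 1          # keep a count instead of silently dropping noise
        else:
            records.append(rec)
    return records, bad


def not_found_by_host(records):
    """Map client IP -> Counter of requested paths that got a 404."""
    result = defaultdict(Counter)
    for r in records:
        if r["status"] == 404:
            result[r["host"]][r["path"]] += 1
    return result


def scanners(records, threshold=3):
    """Hosts that asked for at least `threshold` distinct missing paths (probe-like)."""
    return sorted(h for h, c in not_found_by_host(records).items() if len(c) >= threshold)


if __name__ == "__main__":
    recs, unparsed = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} records, {unparsed} unparseable line(s)")
    for host, paths in not_found_by_host(recs).items():
        print(host, dict(paths))
    print("probe-like hosts:", scanners(recs))
```

The list that `scanners()` returns is what you would feed into a block rule; deciding on a threshold rather than blocking on the first 404 keeps a single broken link on a legitimate visitor from locking them out.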
Code:
[root@***]# rpm -q bind
bind-9.7.2-1.P3.fc13.i686
It was installed with yum and all went well without error, but I'm not able to access bind on port 53. SELinux is disabled for this test, and the iptables rules have been saved with the below config in the INPUT chain:
Code:
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
[Code].....
I'm doing research on protecting my PC from physical access. What I'm facing here is that my company created a program for Fedora 8 and plans to sell the unit. We created a function where you can configure the program using any web browser from the network, so we do not want anybody to have access to the Fedora system except our personnel.
Based on my research, I've found [URL], a guide to protecting against people accessing GRUB and single-user mode. I am currently researching how to prevent others from cloning the hard disk. I would like to know if there are any other methods to prevent unauthorized access to Fedora.