Fedora Security :: Setup Protected Web Directories On Server F8 32bit
Dec 19, 2009
I am trying to set up Protected Web Directories on my server Fedora8 32bit I have webmin 1.5 and there is Protected Web Directories option, so I follow instructions and setting up all what is asked, in dir what I need to protect shows up 2 files:
[Code]...
View 6 Replies
ADVERTISEMENT
Jul 3, 2009
I'm testing a Debian Lenny virtual machine to simulate my ideal setup for FTP server (with vsftpd): I want all internal users (corporation users with Active Directory accounts) to ftp into the same directory (i.e. /var/FTP/AD-DOMAIN/) and external users (customers) to ftp into their home directories (created manually on request).
I added user_config_dir=/etc/vsftpd_user_conf option in /etc/vsftpd.conf file and I've created /etc/vsftpd_user_conf/domain-user1 with local_root=/var/FTP/AD-DOMAIN
I have setup vsftp so I can ftp with every external and internal user chrooted and is working properly. AD validation for internal users and "normal" validation (via /etc/passwd) for external users work perfect.
I can FTP this server into /var/FTP/AD-DOMAIN with any AD user with its home directory created (i.e. /home/AD-DOMAIN/domain-user1/) but if I try to ftp with any AD user without its home directory created I get the error "500 OOPS: cannot change directory:/home/AD-DOMAIN/domain-user2"
I have found some references (http://wiki.flexion.org/FtpServer.html and http://howto.gumph.org/content/setup...ies-in-vsftpd/) about vsftp PAM authentication so I would supposedly get rid of the error message and the user would log into /var/FTP/AD-DOMAIN without problems, but I can't figure out how to setup my FTP server.
View 1 Replies
View Related
Aug 24, 2010
I have my own dedicated server box running (using it for game servers). I access it via ssh and I have root control of it. It has FEDORA Operating System. I wanna give FTP control of different directories to different users. Right now there are no other FTP users except root. I have installed vsftpd and dont know what should I do next? How do I add users (who can read/write/delete files) and How do I restrict them to their home directory?
Here is what I want:
username:client1
password:12345
home directory: home/server1
username:client2
password:12345
home directory: home/server2
View 1 Replies
View Related
Jan 18, 2010
I have a bash script that will unencrypt a file, use the unencrypted file for a very short time and then delete the unencrypted file. The problem is that my password is in clear text
[code]...
Obviously this isn't so secure, but I need the script to be non-interactive. How do I hash, encrypt or otherwise make secure the password for the openssl command? I know that the openssl can protect passwords, e.g.:
openssl passwd -crypt "password"
But can I use this protected password in my script?
View 3 Replies
View Related
Nov 19, 2010
I have this project for my operating systems class and I have put together the basic flow chart to aid me in writing the program. I know how to use pipes as a buffer to hold info. I know how to create a binary semaphore. But what I dont know is this:
How to "use a delay adjustment parameter K in the critical section to adjust the speed of the display process to show that without semaphore protection the displayed contents of the buffer are randomly interleaved."
First off, I am definitely not asking anyone to give me the solution. But I do need some guidance. So I figure there will be an if statement with two options:
1. If true, use semaphore protection to enter/exit critical section
2. If false, no semaphore protection -- this is where the contents of the buffer should be interleaved.
Now does that mean that as each child process enters the non-protected critical section, it should "sleep" for a randomized time? I mean, will this allow my output to be interleaved?
So lets say my command line looks like this:
what happens to the 100? Is it randomized using rand and srand and passed as a parameter to sleep() inside the critcal section?
View 5 Replies
View Related
Sep 11, 2010
I was trying to make my grub2 password enabled. So I went through several blogs and forums(every thing has same way). What I do is I add following line this the /etc/00_header file
[Code]....
View 2 Replies
View Related
Mar 11, 2011
How can I configure my SSH server (OpenSSH on Debian 5) so that it requires public key authentication *and that the keys are password protected*?
View 8 Replies
View Related
Mar 19, 2010
Is it possible to somehow setup a secondary group of log files that log every action taken on the server where your average user wouldn't know that they're being logged. Perhaps if a hacker got in and messed around or something you'd be able to see what they did, but they wouldn't have permission to modify the file.
View 1 Replies
View Related
Jul 31, 2010
I have a drive that originally was used with a Linksys Network Storage Link (NSLU2), then stopped working with it. Now I'm trying to get the files off the drive. When I USB connect the drive to Ubuntu, I can see the files, but I'm unable to open them or copy them. The error message is: "Error Opening File: Permission Denied". I did have permissions set on the NSLU2. So far I'm not able to find a way to get around the permissions issue in Ubuntu.
I have used apps like EASEUS Data Recovery and Recover My Files. It appears that they are finding the files and are able to access them, so I know it can be done. I don't mind spending some $, but these apps are taking a *long* time to run. If I could properly access the files in Ubuntu long enough to copy the files, I think I'd be all set.
View 2 Replies
View Related
Feb 23, 2011
I use ubuntu 10.04 as my OS. Im in the look for a good and simple application in order to password protect a folder or two on my portable hard drive. I really dont need high levels of encryptions but I wouldnt mind if the usage is not so complicated.
View 5 Replies
View Related
Feb 12, 2010
I'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
View 8 Replies
View Related
Oct 18, 2010
I have a small network at my office (3 workstations, 1 ubuntu desktop that I'm using as a file server). I'm using a WRT54G2 router for networking and internet connectivity. Here's what I'm trying to accomplish: I want to be able to access my little file server from home, across town. I think ssh might be the best way to go now. What I don't know: How do I set up the ssh server on my machine/network without compromising my network security and the security of my server? Do I just set up port/ip forwarding on my router, install openssh, and that's it?
View 9 Replies
View Related
Jun 19, 2010
I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies
View Related
Jul 1, 2010
venturing into unfamiliar territory so I'm hoping someone can help me and make things a little more understandable for me. I have setup Postfix on a standalone server connected directly to the internet. I have got inbound and outbound email working for the most part, but I am worried about security.My fear is that if I leave port 25 open to the outside world spammers will find this and start relaying mail through it and eventually blacklisting the IP attached to this box.
For now, I am hosting mail for a single domain and single user (me) with a few aliases. I plan on expanding to IMAP and SMTP access from the outside at some point, but for now I've been using Mutt in a shell and it's fine for my needs for now.
Here are my current Postfix settings:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
[code]....
View 3 Replies
View Related
May 30, 2010
I'm trying to setup a NFS4 server (no security, local home network behind FW). It seems that I'm missing something because 'rpcinfo -p' does not list v4 for NFS: petit-pois:/home/eric# rpcinfo -p
[Code]...
View 3 Replies
View Related
Feb 13, 2011
Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.
I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.
When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.
View 3 Replies
View Related
Jul 22, 2009
Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall.It's been "recommended" that iptables itself be used. Where do I do the rules go (as in a file) and how do I call those rules at startup?
View 6 Replies
View Related
Dec 5, 2010
want to set up snort on my F13 home computer.Is there a simple way to do it or do I have to do it the hard way (compiling and stuff) ?I want to use snort for intrusion prevention and detect possible threats from internet.
View 3 Replies
View Related
Nov 11, 2010
I have a removable USB drive formated with NTFS. I enabled all the samba boolians in the SElinux GUI but it still doesn't seem to work. If i put it on permissive it will work. What more is there that i need to do to get my directories to show up on samba with selinux enabled?
View 2 Replies
View Related
Jun 25, 2011
I have been trying to setup IPSEC encryption between two linux boxes. I have a server application which runs on Linux Box A and a client application which runs on Linux Box B. The client sends the data to server. I have captured wireshark logs at both server and client end. In the wireshark logs I can see that the Box B send ESP packets to the Box A.
But the server Application running at Box A is is not able to get any packets. If I turn the policy off at Box B, Box B sends normal UDP data packets to Box A, but still the Server Application running at box A doesn't get any packets.( Expected behavior since policy at Box A enforces that all packets coming from Box B should be encrypted.)
If I turn the policy off at Box A and Box B both, the server application receives the unencrypted data which is also expected behavior. But when the policy is turned on at both the boxes the encrypted packets reach the Box A but are not delivered to the server application. If anyone has faced such issue please help me to debug this issue. I have attached the ifconfig and policy settings at Box A and Box B for your reference.
View 2 Replies
View Related
Feb 3, 2010
Is there a way to delete files on the commandline that uses the KDE-Wastebin?It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
View 9 Replies
View Related
Jul 4, 2011
Is there a way I can change the security context of only the directories, & only files, recursively, in bash?
View 11 Replies
View Related
Jan 4, 2010
If you hadn't guessed it from my last 3000(ish) java-related posts, I'm a Java n00b writing a Java Applet for a work project. I got to the part was I was about to write the applet code that would send HTTP requests to my CGI scripts. But I read some paragraphs in a book praising Java servlets as better that CGI because they are easier to use and give much better performance server side. My server load isn't very big, though, and I was wondering if it would be worth taking the time to learn about Java servlets and how to set up the server side configuration on my Fedora web server.
View 3 Replies
View Related
Mar 22, 2010
This is sort of a weird question.'m helping an agency develop a Microsoft Access database. They use windows and I use Fedora. I can run Access in Crossover Office if I don't get too fancy.I've sent what I've done to them for their review and comments and somehow it has become password protected. I've checked the Access settings and their is no password set from Access. I've tried a chmod666 on the file and sent it to him again and he says it is still calling for a password
View 2 Replies
View Related
Apr 13, 2010
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if its still web accessible through a browser?
View 8 Replies
View Related
Jun 5, 2010
Is there a way to encrypt existing home directories in lucid so that they will unlock with pam-encfs when the user logs in? Or must you do this when the directory is created?
View 1 Replies
View Related
May 4, 2010
I was running '# ls -l' in '/' directory and I noticed all directories in '/' have the following permeation 'drwxr-xr-x' [except root's home which is 'drwx------' (after I change it from 'drwxr-xr-x' )]
I don't want all the user (except root) to be able to read and execute (in) any directory, I just want every user to be abel to read/write/execute only in his/her home directory.
my question is, is it ok to change file and directory permeation of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?
/bin
/boot
/dev
/etc
[Code]....
-I and the other users use the pc for internet, open office and email mainly.
-It does not run server(s) like smb/cif or NFS.
-There are 5 usernames (created by me, non of them are superusers) in th pc, only one user is required to login at any one time.
View 3 Replies
View Related
Jan 20, 2010
Is it possible to restrict users to their home directories and allow admins to have different home directories? Essentially I want users to have a folder in /var/www/html/$USER and admins to have either unrestricted access or have their root directory be ./ or /www or /etc. I have is set now so users have access to thier home direcotry but I need to upload web files as admin.
So far I have created:
chroot_list
user_list
[code]....
View 1 Replies
View Related
Nov 22, 2010
Sorry to sound like a newbie dope but I somehow extracted a folder to the desktop and can't delete it because it says I don't have permission to read it. How can I delete this folder?
View 4 Replies
View Related
Aug 1, 2010
I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo
How do I get rid of this suspicious file?
View 4 Replies
View Related