Fedora :: /etc/security/console.perms.d/<*>.perms Files Being Ignored?
Jun 24, 2010
I am attempting to alter the permissions of /dev/snd and its contents to rw-rw-rw at boot time via the file /etc/security/console.perms.d/99-snd.perms, which contains the following lines:
This has worked with previous Fedora installations up to Fedora 10, maybe even Fedora 11, but does not in Fedora 13. Further, the file /etc/security/console.perms.d/50-default.perms that has been present in the earlier versions of Fedora is missing; I don't even find it using 'yum whatprovides'. The Deployment Guide for Fedora 12 (there isn't one for Fedora 13 (yet?)), indicates that this is still the correct way to control console access to devices, and there are no mentions of any changes in the Fedora 13 Release Notes, but it is not working for mePS: I have verified that the permissions and selinux contexts of /etc/security/console.perms.d/99-snd.perms are correct although, in any case, it does not appear to be an selinux issue as booting with selinux disabled does not help. Searching through the various sysconfig, udev, etc.
Anyone know what the extra . (dot) in the permissions field is in the output of ls -la in FC11? A permissions field is normally 10 bytes, whats with the dot, a man an info on ls caused nothing obvious to jump out at me. A eleven byte perm field now with a trailing dot insead of the normal ten byte field
[root@osprey mark]# uname -a Linux osprey 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 i686 i386 GNU/Linux [root@osprey mark]# ls -la / total 110 drwxr-xr-x. 23 root root 4096 2009-07-17 20:56 . drwxr-xr-x. 23 root root 4096 2009-07-17 20:56 .. -rw-r--r--. 1 root root 0 2009-07-17 20:56 .autofsck
I accidentally chowned my whole filesystem to nobody:nogroup.Stupid, I know.I'm wondering if apt keeps a copy of the perms it set during installs like RPM does?If not, is there any other way to restore the perms easily?If not, does anyone have a quick screenshot of their root level perms on Debian Hardy? I can at least start with a chown -R of the top level dirs and see how close that gets me.
I want multiple users to have full reign to. As a result, this share is already set up with the gid being set, so any files/folders that get written to it are automatically assigned the group "share", to which the users in question are members of this group "share."
The problem is, if Bob creates something, it comes down as bob:share with 755 perms, so Fred cannot write/delete. What it optimal is having 775 perms, but it's hard for an administrator to continually do this over and over when it'd be nice to just automatically set the perms on the fly to 775. How can I change just one folder to default to 775 perms instead of 755?
When I run rsync --recursive --times --perms --links --delete --exclude-from='Documents/exclude.txt' ./ /media/myusb/
where Documents/exclude.txt is
- /Downloads/ - /Desktop/books/
the files in those directories are still copied onto my USB.
And...
I used fetchmail to download all my gmail emails. When I run rsync -ar --exclude-from='/home/xtheunknown0/Documents/exclude.txt' ./ /media/myusb/ I get the first image at url.
1). What is the console command to scan all of Fedora, not just a specific directory, but the entire computer?
2). Even tho I have consulted the CLAM AV site on how to update to the latest virus signature database, I don't either understand what they are telling me to do, or I am not "getting" how to do it.
I wanted to disable root logins in console, so I searched for that. I found that if I change root's bash to "/sbin/nologin" in "/etc/passwd", root user will not be able to login. So I did that. But when I wanted to use sudo command, it didn't show me root bash, but it only do the same thing as logging in as root in single user mode (shows message that this account is disabled). So, how I can disable root logins, but keep enabled sudo command for standard users?
Is there a way to lock out logins at the console? I ask this because I can not login at the console but can remotely login to the system via ssh. I'm guessing I blindly implemented a security option and didn't know what I was doing when I did it.
Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did: passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related- 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
When I'm logged in, physically on the server as root and logout the lines doesn't get cleared like when you logout as a normal user. This could be a bug and if it is, it could be a security problem. The last actions done shows.
Additional information:
Ubuntu Server 10.10 (32 bit) RAM: 1GB Server used as: webserver, database, gaming server.
I have 2 users: carol, carol2 and 2 files in /: filea, fileb. I want to carol has access only to filea and carol2 only to fileb. I need to do this with MLS (range). I dont want do this with levels because user that is higher has access to both files. How to do that?
I am trying to find a best tool to track configuration files changes. I did find some information about osec and mactime, but, it seems, that they are not included in fedora/rpmfusion package databases. is there any tool that can be installed as a package?
How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?
For a month or so now, I have been enabling ssh and opening port 22. I cron'ed the start and stop commands to leave them open only a few hours a day. After a bit, I checked my logs to find that some IP or another was attempting to brute force my root account.
I took little real threat by the offense.
(1) my system does not allow root to login and
(2) it would cut them off sooner than later when my system issued the stop command.
fast forward
Today I log in to find that all of my log files, as viewed from the gnome log file viewer, were empty of entries from about noon yesterday and prior.
Though I haven't noticed anything at all out of the ordinary with my system, I would like to get more opinions on the matter. Would there be any conceivable way that this was an automatic system routine, a clean up action of something? Additionally, if I was indeed the victim of a hack, what can I do to further protect my system (keeping in mind that I do want to access my system via ssh from time to time)?
I have Debian 4.0. I have installed screen package, and one application has been run in screen. I want to know how make something like "screenshot" of this screen status and send it over ftp. Could someone write me script with I could add to cron?
I have a Fedora 12 box with a fresh install. I use ktorrent to download something, eg a series, into my home folder. Now, as root, I move (not copy) the folder with the downloaded files to /var/www/html/bob so that when someone opens http://myserver/bob/ they see the list of folders and files I have placed there. I also chmod the whole folder to 755 and chown to root.root. The folder I have just moved there is not displayed. So to work around it (before I realised it was SELINUX) I created a new folder. Now the folder is visible. Good. So now I move the files into the new folder and delete the old one. The files are displayed ... good. But wait, there's more: you cannot access (download) the files, even though they are visible.
1. How do I VIEW what context is assigned to these files?
2. How do I correct the context so that http server can allow people to access them?
3. How do we get the SELINUX authors to consider re-labeling files when they are moved from one place to another so as not to cause this fault?
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
How can I start a program from tty1 console text mode to be executed in tty2 console text mode? Actualy I would like to start a program (chat client cli program) in tty8 automaticaly when linux PC boots.
How can I set the console in both kde and gnome (mostly kde konsole) to the usual [username@localhost]<currentfolder> layout ?. It looks like this now:
Code: bash-4.0$ cd /home/M/Documents bash-4.0$ the real console after text based login has the normal layout "[root@Fedora ~]#" but consoles within x only show "bash-4.0$"
How to disable logging to console in Fedora 13? To get rid of messages like Stopping HAL daemon: [ OK ]
and all other messages during shutdown and restart. Actually, earlier when i shutdown the system only a single shutdown message is showing on the screen, i don't know what happened, now it is showing lot of messages. i tried the quiet parameter in kernel boot parmeters but no effect.
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
