General :: File Share Security The Setup Is Not Secure At All?
Jan 7, 2010
Been messing around with Ubuntu 9.1 for the last few weeks and am loving it so far. Been trying to get in the terminal and learn a little something, to no avail. LOL I have been googling and searching the site today for info on networking. My Linux box is a desktop, with my main HDD mounted with music, and movies and some other stuff. My intent is to network the two laptops in the house (Windows XP and Windows 7) to the Linux box so I can listen to my music and watch movies when not in the office. I have found some info, mostly involving Samba, and plan to install Samba tonight and fiddle with it. My issue was with security. I have read a few posts and they talk about the fact that if you share files in this manner, the set up is not secure at all. Is this something i should really be concerned about? If the folders I share only have my music and videos in them,
View 4 Replies
ADVERTISEMENT
Feb 12, 2010
I'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
View 8 Replies
View Related
Jun 19, 2010
I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies
View Related
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else. I'm looking for a file that logs any change to the security settings of the system.
View 1 Replies
View Related
Dec 29, 2010
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
View 5 Replies
View Related
Feb 4, 2010
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could login to the server based on their email address and a randomly generated key combination and down load the file.I also need it to preform the same function going the other way. Login into my server and place files going to me.
View 2 Replies
View Related
Jul 11, 2010
I seem to be missing a secure.log or security.log file. have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else.looking for a file that logs any change to the security settings of the system.
View 6 Replies
View Related
Feb 5, 2010
What do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies
View Related
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
View 1 Replies
View Related
May 15, 2010
jump into a Linux class in college with only 3 weeks left in the course. I thought I would be able to catch on, and go figure, it didn't exactly happen that way. I was given an assignment to do, and I am so far lost it isn't even funny. I need to create a directory structure, set up file security, create a step by step instruction manual on how to copy/delete said files, and create a guide to common Linux commands. How would I create these files in root and share them with the other users? and where can I find a list of common commands and their functions?
View 5 Replies
View Related
Mar 13, 2010
I'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies
View Related
Sep 24, 2010
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
View 5 Replies
View Related
Feb 9, 2010
how to write secure code for bash scripts in general? Strangely I didn't found anything in google and in the forum so far. If someone here is willing to review a bash script for me (about 600 lines).
View 6 Replies
View Related
Oct 15, 2010
I am striving to setup OSSEC to monitor some specific files for realtime changes! Is this possible? I can't really find a lot of info from their Documentation
Some Examples:
/etc/myfile.txt is deleted. I need this to be reported.
/etc/myfile.txt is created again so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time.. Another one...
/etc/passwd is touched (accessed) even if there is no changes! Can this be reported as well?
View 2 Replies
View Related
Nov 2, 2010
I am running WHM and CPANEL on centos.I would like to upload a file to the root user directory. To be honest, my only experience uploading and downloading files with FTP has been with domain related accounts that were set up under WHM to be managed under CPANEL. This is quite simple, because all you do is set FileZilla or Dreamweaver up with the FTP address of the domain account and the username and password.How can I do something similar to FTP a file into the root or home directory?
View 1 Replies
View Related
May 31, 2011
I am trying to mount a shared folder from windows xp to my ubuntu vm. It is running in vm player.
I installed samba with sudo apt-get smbclient smbfs
Next, I run smbclient -L computer_name_here and get the error NT_STATUS_LOGON_FAILURE. What am I doing wrong? How can I solve this?
View 1 Replies
View Related
May 19, 2011
I've setup a samba share with RecycleBin option. However, there is no cleanup and soon will saturate free space.
I'm trying to plan a command that each week clean the content of those dir or the directory itself.
The dir tree is like /home/ :user1
Dir1
Dir2
RecycleBin
[Code].....
To be careful to all possible situations I'm testing this line in directory with spaces in names. I know is ugly and ... and ... but users are just used to and they don't care about me And, having this line working for spaces I can use it for other situations other than shares.
File o directory non esistente = File or directory does not exist
View 3 Replies
View Related
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 is a member of techAdmin, user3 and user4 are members of tech. simple so far...but wait here's the problem. If user1 creates a file inside tech, user2 cant read or modify it because user1 owns it. Here's a few sites that reference this problem:
[code]....
View 4 Replies
View Related
Jul 28, 2010
How do I share default profile file by NIS so that I do not have to setup profile in every NIS clients?
View 3 Replies
View Related
Jan 15, 2010
I've just installed Ubuntu 9.10 and Samba 3.4. I've shared a folder and have accessed the share from a Windows 7 client. However, I've struggled to configure the share and folder so that the Win7 client can create files and/or folders in the share. Kept getting Permission Denied errors. Finally, (using Webmin) I set the permissions on the file folder so that "Other" had write access. I don't understand why this was necessary (and how unsecure this is). I already had the write access checkbox ticked for "User" but it wasn't enough.
View 1 Replies
View Related
Apr 28, 2011
equivalent of "force_user" when sharing with nautilus-share? To put this question into context, I have shared out a folder with "Allow others to create ..." and "Guest Access ..." turned on via the GUI (I believe nautilus-share is applicaition behind the GUI). When Guest accounts create files or folders, I want the owner of the files or folders to be a specific user, rather then "nobody". In a Samba Server, I know you can use the parameter "force_user" in the smb.conf (under an individual sharename) which will specify the owner of the files and subfolders created through the share.
I have tried to add this parameter to the files created in /var/lib/samba/usershares but the owner of the files and folders are still "nobody" (NOTE: I rebooted the PC after making the change to the file) I have just done a fresh installation of Ubuntu 10.10 Desktop with nothing else installed (except the current Updates and the necessary components needed when sharing folders) As a follow on question, I also want to set the permissions for files and folders. To replicate what the "create_mask", "force_create_mode", "directory_mask" and "force_directory_mode" parameters do within a Samba Server.
View 1 Replies
View Related
Jan 13, 2016
I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not very familiar with squid and https in general.
I already perfomed the following steps:
1.) compile from source
Code: Select all./configure --with-openssl --enable-ssl-crtd
make
make install
2.) configuration (http)
I used this guide: [URL]
3.) configuration (https)
[URL]
The server is now working for http and https, but is the server secure, too? Is the default config already secure or do I need to configure additional security features? (e.g. things like cert validation, cert pinning, [dont know what's importend], ...)
View 0 Replies
View Related
Jan 29, 2010
I am trying to setup a web-based secure ftp client that can handle not only file transfers to and from one of my company's servers, but also allow new clients of ours to visit our site, create an account of their own and use it to log in and begin transferring files. This way, the users can manage their own accounts.
I don't know a lot about exactly what is running on our server, though I am almost positive it is debian based. I really only have access via ssh and ftp. I may be able to do more in the server room, but haven't tried. I thought about using net2ftp, but that doesn't seem to work with sftp, and also doesn't allow the creation of new users on the server.
Is there anything out there for me??You will undoubtedly require more information from me, so please let me know what it is and where I can find it and I'll get back to you as quickly as I can.
View 3 Replies
View Related
Mar 23, 2010
I followed the tutorial found here [URL] but when I try to access [URL] I get the following:
Code:
Secure Connection Failed
An error occurred during a connection to www.mydomain.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Not sure what I might have done wrong... I have retraced all of my steps and I don't believe I missed anything.
View 2 Replies
View Related
Dec 27, 2010
how to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz
4 GB RAM
Eventually 2x250GB Sata Hard Drives
The Dell PE850 Server Consists of:
2xIntel Xeon Processors 3.4GHz
4 GB RAM
2x76GB SCSI Hard Drives RAID 1
The Dell PE850 Server Consists of:
2xIntel Dual Core Processors 2.8GHz
4 GB RAM
6x76GB SCSI Hard Drives RAID 5 (pretty sure)
Dell PowerVault 220s
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
View 1 Replies
View Related
May 17, 2011
I would like to use my Ubuntu server machine as a proxy so I can browse a little more securely/privately while I am traveling. I connect to a lot of open Wi-FI networks.I have Squid setup on an old laptop running Ubuntu Server 10.10 at home, and the main machine I will be using to connect to the proxy is a computer running Windows Vista.I am able to connect and use the Ubuntu Server machine as a proxy while traveling with the squid config file modified with http access set to 'allow all'.
Obviously this isn't the ideal setting.After lots of reading and Googling I can't figure out how to allow only my Vista laptop to use the proxy.I'm a little lost with the ACL settings required.
View 7 Replies
View Related
Mar 14, 2010
I've setup Kerberos and OpenLDAP servers (9.10) similar to the official documentation (and other sites that fill in the "gaps"). However, when you start to get in to some of the details, there seem to be many options - and I guess I'm looking for what could be the defacto standard. I'd like to allow Ubuntu clients to have a sso capability, with the ability for local caching of passwords if not connected to the network (such as a laptop user away from the office, prior to a VPN). I'd like to automount a secure NFS share somewhere in the /home directory. If the user logs in to a computer they've not logged in to before (if they're authorized), it would be nice if a skeleton /home directory could be setup there automatically I'm guessing that it is not desirable to use a shared /home NFS - as if you're off the network this would be problematic - as well as multiple computers sharing the same /home. There are some benefits to a shared /home (SSH certs, etc.), so maybe there is a hybrid approach out there.
I've read that it's not necessarily good practice to have OpenLDAP to do the authentication (leave this to Kerberos), but it's fine for authorization (such as ACLs for logins to certain computers). It's also good practice to use TLS with OpenLDAP (which requires public certs on all the clients) and to not allow anonymous read to the directory. I would guess that a computer host keytab could be refreshed to bind to the OpenLDAP server via GSSAPI / SASL to allow a non-anonymous read, and then determine if, say, the user was a member of a group allowed to log in. Kerberos would then pick up and authenticate the user and then proceed to the login. Off the network here, I'm not sure. I found this document, but it's self declared missing items: [URL]
I'll stop the rambling, but I cannot be the only one who would like to setup a relatively standard and secure server based network authentication and authorization back-end. Is there any _complete_ documentation on the best practices and how to implement?
View 4 Replies
View Related
Dec 23, 2010
How to Centos 5.5 very secure for mail server. how to its performance very fast.
View 2 Replies
View Related
Apr 13, 2010
perform below activities please guide how to do perform below activities.Make sure the Guest account is disabled or deleted.-Disabled or deleted anonymous accessSet stronger UserID policiesSet Key Sensitive UserID Default enable in linuxCombination of numbers, letters and special characters (*,!,#,$,etc.)
Status of UserID
Type
User Name
[code]....
View 3 Replies
View Related
May 30, 2011
how to secure opensue? Or point me to some good articles etc?
View 9 Replies
View Related
