Is there somewhere in WHM where I can allow and disallow various ip addresses to login using PuTTY for SSH.OpenSSH Server, is not running (for security reasons).If OpenSSH is not running, is there a way to allow certain ip addresses only to use ssh.
View 9 Repliesi just installed linux mandriva 2009. i set password for root and created a user account. when i try to login as root, after logging out as user, it does not allow me and gives the error "root logins are not allowed". even it does not show the root account. if i try to go to root from konsole terminal using su root, it allows to enter as a root but when i try to start the GUI with startx it gives error.not sure what to do and why i can't see my account in GUI mode
View 5 Replies View RelatedI have a RHEL FTP server, which i'm told is setup to only allow certain IPs to connect to the FTP site. I have two questions though.1) what file would show what IPs are currently allowed?2) what command do I do to add another IP to it?
View 6 Replies View RelatedWhile reading some papers on securing apache with selinux, I have tried to bind httpd to port 3000 expecting to be blocked by the selinux, since port tcp 3000 isn't on the http_port_t list. However I was able to start the service...
I'm preety sure selinux is enforcing. Also, if I bind httpd to tcp 81 selinux denies the start of the service, as expected!Did I miss something? Why is httpd allowed to start binded to a port that's not explicitly allowed?
I want to login to my company's server (remote) from my room. I have the server address, so I use this command to login :
Code:
#ssh root@X.X.X.X
It waits for a very long time and then returns with error connection timed out port 22.
I configured these settings in the remote server :
Code:
#/etc/init.d/iptables stop
Then I connect via ssh from my home but still the same error.
Then in the config file /etc/ssh/sshd_config, I uncomment the line : ListenAddress 0.0.0.0
I connect via ssh again from home but still the same error.
The connection is not denied in hosts.deny and hosts.allow.
How do I get the connection up and running?
Everytime I log into the linux server at my workplace (I use putty), I don't get the bash prompt right away. I need to execute the command 'bash' to get it. Anyway to make this automatic? e.g.
Code:
host:1>
host:1> bash
user@host:~$
I am having problems logging into my SME Linux server from a new Windows 7 machine. It sees the server on the network, but does not seem to be passing the windows login through to the Linux server (which is how all of the XP machines log in). When I try to log in using a valid username and password it goes nowhere and just says it is an invalid username and/or password. I had a Vista machine that could log into this Linux server so I do not think the Samba version is the problem.
View 2 Replies View RelatedWhen logging into a new server how can I tell which brand of Linux is running. For example: RedHat; SuSe; etc
View 3 Replies View RelatedI have a server with 2 hard drives in raid for RHEL and 16 harddrives in raid 10 for storage. I was not allowed to have the root password just in case because "we don't give root password". A few days ago it crashed asking for root password for maintenance and had to restore the system to factory settings losing all user settings and updates (wich I paid for every year).
I'm not a linux guru but i can mount the system with a live cd, edit /etc/shadow and delete the root password but what I don't know is the consequence of deleting the root password. Can something go wrong after that? Can it have boot problems or something else? Can they set traps to prevent this?
Server is not connected to internet and it will never be.
i contacted my datacenter and they say it is a browser error
but i contact some1 els and he says it isnt a browser error so he asked me to check the log files
this is what i found in my log files
[Sun Feb 21 16:36:01 2010] [error] [client xxx.xxx.xxx.xxx] Symbolic link not allowed: /home/server/public_html/files/8/9x7s9tjosopkzb/rzr-prot - BoosterKing - .iso as you see , it says not allowed
but for files smaller then 4GB is it fine (i tryed it out to 1 GB files and they are fine )
the script i use is a download script and it creates symbolic links to hide the real location of the file and to limit the download to 1 ip only (its a download script :P)
I try to fix bugs on my web server. The remote web server allows redirects to arbitrary domains. Description : The remote web server is configured to redirect users using a HTTP 302, 303 or 307 response. However, the server can redirect to a domain that includes components included in the original request. A remote attacker could exploit this by crafting a URL which appears to resolve to the remote server, but redirects to a malicious location.
View 1 Replies View RelatedI have dhcp3-server (isc-dhcp-server) installed on my Debian and now I got a question about how it's giving the IP addresses to new devices.
For example: I connected my laptop and dhcp server gave me 192.168.1.5 address. Will it always give me the same ip address when I connect my laptop or it will eventually change after some time (week-month)? If it's not changing it, then I am wrong about this.
BUT...If I am somehow correct and if it will change in a week and give me another random (like 192.168.1.8) IP even I won't change my laptop network adapter, is it possible to configure dhcp server to always give same IP address depending on what MAC it is?
To make it clear, I want that when I connect new device (new laptop/pc) dhcp server would give it random IP but same time it would note the MAC address and never change the IP on that MAC.
I know about MAC filters, but setting filters is when you know MAC address since beginning and want to assign IP for it, but in my situation I don't know the MAC address.
we need to log web access of a certain set of users for analysis. We decided to setup a proxy server which just logs all the requests but does not do anything else like caching/access control etc.All users will be using a fixed set of computers and hence we can redirect their requests to the proxy. I came across Squid, but found it to be too heavy for our requirements. Is there any other proxy-server software that is good enough for what we want or is Squid the only way?
View 1 Replies View RelatedI have an issue with users logging into a server. There are multiple (5 or so) database admins that have to log into a windows 2003 server and from there log into a red hat server. Once they are in the rhel box they execute an app (let's say xclock) that gives them an xwindows session on their desktop. Currently only one person can do this at a time, but they have asked me to configure it to allow multiple users to log into the red hat box from the windows server and run an xwindow.
View 6 Replies View RelatedI am looking for a code for setting virtual alias for all domains and addresses. The scenario is that when I send an email from anywhere to my server, it will send to only one address but not send to the orginal recipient.
This is my code: I think the problem may be from the regular expression (.*) for any domains/email addresses
/etc/postfix/main.cf:
virtual_alias_domains = (.*) <-----
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual
(.*) admin@myserver.com <----
now I have managed my rsyslogd to log the firewall into a separate file I would like to use a script which looks into this file for intruders which for example try to ping, telnet, ssh, rdp etc into my dsl connection.And then use a kind of app or firewall on my ubuntu server to block them.Yes my firewall logs them but does not block them if the policy is enabled, so they have access on through the firewall and the connect to my server but I only want some known IP addresses have access through it and this I cannot program in the firewall so I have to use some extras.Or am I thinking way to far and is there a better solution with IPtables or app?Is it possible to watch tcp connections between the firewall from outside IP addresses and the ubuntu server?
View 7 Replies View RelatedI'd like to add further IP addresses for my server but I don't get it. My steps :
[Code]....
I have recently decided to venture into online blogging and other things, and my friend told me wordpress is a great tool for this. I have set up my mysql database, and apache and php are all working fine, and when i copy my wordpress folder into my /var/www/, and edit the config file for my database, i point my browser to[URL] to get it up and running. But i only get the error: "Fatal error: Allowed memory size of 16777216 bytes exhausted (tried to allocate 7680 bytes) in /var/www/wordpress/wp-admin/includes/plugin.php on line 302". Some googleing seems to suggest that this may be a problem with a php.ini file, but im assuming this is a windows based solution, and im not sure where/what a linux alternative is.
View 4 Replies View RelatedI have the following share setup on my Ubuntu machine
# From /etc/fstab
//192.168.1.13/media /home/USER/SHARE/media cifs username=USERNAME,password=PASSWORD,_netdev,uid=USER,gid=users 0 0
[code]....
What is your favorite font that is available for Linux (anything but M$ fonts)? They can be monospaced or non-monospaced, unlike the font thread in General that only accepts monospaced ones. However, they *must* be Linux fonts; no M$ or Apple fonts allowed.
View 2 Replies View RelatedI have a problem where I have certain foo.tgz files that are to big to gunzip in a directory, the box that it is on has limited space in /var/tmp for all intents and purposes. I did the standard gunzip -l to see how big the file was.
How can I look in the .tgz to see what files are there and pull out only the ones that I need. tar -t foo.tgz doesn't seem to work or am I doing something wrong?
Once I do find the file how do I only extract the one file from the .tgz, remember I can't uncompress the entire foo.tgz
I want to set multiple IP addresses onto my server and I can then put under an alias.
But is it possible to somehow create a script in perl example that can do this for or is it only possible manually?
I have the following in my httpd.conf file
Code:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive. Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80 Listen 80
And when I try to start the server, I get the following
Code:
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80. I did have an Apache web server up and running about 6 or 7 years ago - but seem to have lost everything
Im working with virtuals machines to configure Sendmail on Linux.
I work with two domains (ar and org), the configuration is similar in both, so i will write just one.
In orgs mail server:
The emails stopped coming and the server adds to the e-mail addresses the MX record. For example, if i send an email to u1@org in log appears u1@org.mail.org.
I set-up his mail server for him with Postfix but what he wants I have no idea how to do.
Essentially he wants it so that the mail gateway IP corresponds with the dedicated IP of the domain and I have no idea how to accomplish this.
I found some documentation on the web saying that the fix for this was to run multiple instances of Postfix which I tried doing but each time I try to start the second instance I get the error that postfix is already running.
There has to be an elegant way to make this happen, I really hate to tell a client something can't be done even though the concept is a bit pointless, IMHO. I am hoping I can get some feedback here on if this can be done and if it can the easiest way for me to accomplish doing it.
Here is some of the config files (example.com has been put in place of the actual domain names and the ip of 5.5.5.5 is in place of the actual IPs
Code:
[root@youronlinehosting ~]# cat /etc/postfix/transport
example.com smtp:5.5.5.5
example.com smtp:5.5.5.6
example.com smtp:5.5.5.7
[Code].....
I'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP address and we use our firewall to deny all HTTP access except for the proxy machine so everyone needs to go through the proxy to access the web.
Most of of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP address that I listed in a file called "super_users". These IP adresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP adresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users that are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
[Code]....
I have configured squid server and it is working fine. I want that only specific ip addresses in my LAN should be able to access internet and for that I have given these entries in access control lists in squid.conf file:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin ?
acl apache rep_header Server ^Apache
acl our_networks src 192.168.0.181/255.255.255.0 192.168.0.182/255.255.255.0
And in http access I have given this:
http_access allow our_networks
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
In this I want that only 192.168.0.181 and .182 should be able to access internet but Now the problem is that all the IPs in the LAN like 192.168.0.20 are also able to access internet. What changes I need to do to allow access to specific IP addresses. I am not using any firewall or iptables entries and i am manually changing in the firefox at client side to access internet.
Situation as follows: i do su to root, then i create admin file with
cat > adminfile
then i exit from root issuing exit command
i can see following adminfile options
-rw-r--r-- 1 root root 10 2010-06-16 16:25 adminfile
however, after executing rm adminfile it really gets removed
-rw-r--r-- 1 root root 10 2010-06-16 16:25 adminfile
[Code]...
As i see it - others have only read permision for that file so they shouldnot be able to remove it.. :/
I want to limit the time a grep process command is allowed to run or be alive.For example. I want to perform the following:grep -qsRw -m1 "parameter" /varBut before running the grep command I want to limit how long the grep process is to live, say no longer than 30 seconds.How do I do this?And if it can, how do I return or reset to have no time limit afterwards.
View 4 Replies View RelatedI have a MacBook Pro running VirtualBox with Ubuntu 10.10 as a guest. I am trying to run a DHCP server from within the Ubuntu VM. I need to do this in order to run a multicast utility. On a stand alone machine running Fedcora I have this working without fail but within the Ubuntu VM I am having troubles. The DHCP server is starting okay, but when I use a cross over cable connected to a device the device does not ever get an address.I have eth1 bound to my ethernet jack where I am trying to source the addresses, and eth2 bound to my airport which is disabled unless I need internet access.Here is my DHCP.conf file
Code:
###############################################################################
# Amino Communications Sample dhcpd.conf file #
[code]....