General :: PAM Password Restrictions Don't Seem To Be Working
Apr 21, 2010
I set some restrictions in /etc/pam.d/system-auth, but they don't seem to be affecting anything.
/etc/pam.d/passwd:
Code:
password required pam_cracklib.so retry=3 minlen=8
password required pam_unix.so md5 shadow use_authtok
/etc/pam.d/system-auth:
Code:
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
[code]....
View 3 Replies
ADVERTISEMENT
Jan 14, 2010
I dont want to allow the user winny on saturday and sundays. I added the following line in the /etc/security/time.conf file.
login;*;winny;!SaSu0000-2400
Then i added the following line in the /etc/pam.d/login file.
account required pam_time.so
this is the first line of that login file. But if i tried to login with the username winny it allows me to get log in. Is anything has to be change?
View 14 Replies
View Related
Mar 25, 2011
i have jsut setup a kvm virtual machine on my server. to connect to the VM from outside of the network i use ssh tunneling. what i would liek to know is if there is any way to create a new user with jsut ssh access. i dont want people to be able to edit files in ~/ or such. jsut need the user to estabilish the connection to the server
View 1 Replies
View Related
Dec 30, 2010
I am using internet web control through squid... All is working fine only some little bit issues.
(1) Sometime when i tried to open google.com or any site I got message (The requested URL could not be retrieved) Screen Shot Attached.) but again after sometimes same websites will open.
url
(2) I would like to block word 'sex'.. So I have edit squid.conf with the following acl
acl Blockword url_regex sex
http_access deny Blockword
but problem occur in some websites where 'sensex' word found in url. Then squid block 'sensex' url content website also..
View 2 Replies
View Related
Mar 25, 2011
Can I limit the system resources that a process can use on Linux? I want to configure the system to avoid that some specified processes use some system resources:
choose if a process is allowed to use network and Internet.
choose which files and folders that a process can read, write or execute.
choose if a process is allowed to use sound and graphics output, and printer.
choose the limit of memory that it can use.
View 2 Replies
View Related
Oct 23, 2010
I'm trying to change the restrictions to some normal text files and their result is not what is expected.
For example, when I put:
chmod 000 testfile.txt
on a file that is
-rwxrwxrwx,
it instead becomes
-r--r--r--.
It doesn't matter whether I do it with a root or the owner of the file, the result is the same.
Also, putting
chmod u-rwx testfile
results in the file becoming, again,
-r--r--r--.
Also, some doesn't have any effect, such as
chmod o-r testfile.
Even if I do this, the result is the same -rwxrwxrwx.
View 10 Replies
View Related
Apr 23, 2010
I thought these were the same password?In-fact, they WERE the same password on the set-up I currently have.But now, weirdly, I can log in fine but I the exact same password is not using in order to perform admin tasks.I've tried a recovery mode, console, and then "password (username)" in order to reset the password.This does reset the password I need to use to log in, but the password still does not work for performing admin tasks
View 4 Replies
View Related
May 6, 2011
I'm using rhel 5, when i'm working in terminal first i typed su command and by mistake i entered copy command and some other characters, after realising i've made a mistake then i came out and continued with copy command in terminal.
after some time when i tried to login by using su and with password it says "incorrect password". So i logged out and entered root login for gui and it works well, but i'm not able to use the same password for su. can some one get around this issue?
View 2 Replies
View Related
May 23, 2011
I made a shell backup script that uses Rsync and I am trying to get rid of the password prompt because it will use a CRON to run. I have set my variable in my shell script at:
PASSWORD_FILE=rsync_password
And the password in that file only takes up 1 line.
However when I run (ignore $DESTINATION)
rsync -aRvz tmp $DESTINATION --password-file=$PASSWORD_FILE
It still gives me the prompt. How can I accomplish this? I cannot allow a prompt and I do not want to have to use keys.
View 1 Replies
View Related
Jan 19, 2011
i using centos 5.5 i have applied grub-md5 password to avoid to go single user mode and what happened someone knew this password then i have applied a new grub-md5 pawword and try to go to single user mode of the purpose it is working or not then message comes invalid password and i also try to previous password same message was on the screen right now i m unable to go single user mode and i have deleted it grub.conf and try to go single user mode then i m able and i again applied the grub-md5 password and try to go single user mode then same message invalid password why it is happning and what should i do ahead.
View 3 Replies
View Related
Feb 22, 2010
I'm trying to install Skype on an Aspire One netbook, it shows the file in the downloads section but every time I click on it it asks for an administrator password. If I put this in the window closes and then comes up asking for it again a few seconds later, but if I put in the wrong password it gives me the option of changing it, but still won't allow me to run the programme
View 7 Replies
View Related
Feb 18, 2011
I can not entered root password via terminal while doing this it replied incorrect password even same password can be used from another GUI box. When I tried to use command Clt+Alt+F1, only black screen comes. I am using coreutils 8.4-9.fc13 from fedora of 32 bits
View 2 Replies
View Related
Jan 1, 2011
I try to understand the reasons for restricting DVD and MP3. My conclusion so far is that DVD is restricted due to software patents (and the DMCA). The software decoding DVD is open software, though. What is the situation regarding MP3? It is also restricted. Is it due to the same kind of software patents? As I understand, the MP3 codecs are not free software (like DVD)?
View 2 Replies
View Related
Sep 5, 2010
How can I get rid of all policykit restrictions that fedora 13 has? I just upgraded from fedora 10 and of course my freenx sessions are again unable to do anything useful like mounting a drive. Difference is no GUI now to help fix this. So I would like to get rid of all restrictions.
View 6 Replies
View Related
Jul 6, 2010
I'm working with Opensuse 11.2 and KDE 4.3.5. I tried to restrict the run command (with Alt-F2) in the kdeglobals file:
~/.kde4/share/config/kdeglobals
[KDE Action Restrictions]
run_command=false
But there is no effect. With Opensuse 10.3 and KDE 3.5 it works fine.
View 3 Replies
View Related
Jun 3, 2011
I usually use .htaccess to restrict access to directories. But what if I just wanted to secure a single php file? Is there some sort of code that would allow me to say ONLY THIS IP can access this PHP file?
View 3 Replies
View Related
Aug 20, 2010
I have a server with two active network interfaces. On one, I need ssh open for all users (it's running LTSP, and as I learned the hard way today, blocking ssh kills LDM access).
On the other interface (which connects to the rest of the network), I only want to allow a few administrative users to connnect.
Is there a way to do this cleanly using sshd_config or PAM? I don't want to do something hacky like running dropbear.
View 3 Replies
View Related
Sep 26, 2010
I have an Apache, PureFTPd, PHP5, and MySQL server setup and running. I'm running several scripts that require folder access of "var/www" in order to accomplish the scripts duty. How do I remove and/or work around the security measure?
View 7 Replies
View Related
Nov 24, 2009
I have searched for days on Google and can't find a clear answer to my question. I have a NT4 PDC which I am migrating to Samba 3 (Version 3.4.2-47.fc12) on FC12 with kernel(2.6.31.5-127.fc12.i686). I am using tdbsam as my passdb backend.I setup Samba as a BDC and then joined to NT4 Domain succesfully. When I go to vampire the accounts I get lots of errors and some user accounts get transfered over. It turns that all the user accounts that transfer are those that don't have a capital letter in their username on the NT4 domain server. Most do and don't get transfered. There seems to be errors with my groups and Computer accounts.Is there a way to change the requirements in Fedora 12 for username, groups and computernames?
View 1 Replies
View Related
Dec 22, 2009
I have Fedora 10 installed. I want my users to be able to use any password they want. So I edited /etc/pam.d/system-auth, the password section.
Was:
Code:
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
Become:
[Code].....
View 2 Replies
View Related
May 31, 2011
I have a work network of about 20 boxes most of which are running Windows 7 and one of them is a file server using linux and another is Windows server 2003. Now the local IP is distributed by the router, and no regulation of internet access is done by any of the servers.What I need to do is restrict internet access to select domains, which would probably need DHCP through linux(I think, not really sure), and I need something simple like a 'blabla.conf' file with the allowed websites that I can edit. need to know how to regulate IP addresses through the linux box (all details if possible, I never tried to do that before), and how to restrict internet access also through linux.
View 4 Replies
View Related
Jun 3, 2010
I've got Ubuntu server 10.04 set up and I wanted to make a few restrictions. It's pretty much just acting as a VMware server at the moment, and there are some users I've created who I only want to be able to be able to log into the VMware infrastructure web interface. I want to make sure these users can't log in via SSH, FTP, or the console itself. I understand how to block them from logging in via SSH by using DenyUsers, and I added these users to the /etc/ftpusers file to lock them out of FTP, but how can I block them from logging in at the console itself?
I tried locking the user out by editing the /etc/passwd file, but the problem is that by doing this, it also prevents the user from being able to log into the VMware web interface.
The user's entry in /etc/passwd looks like this: bsmith:*:1005:1005:Bob Smith,,,:/home/bsmith:/bin/bash
View 3 Replies
View Related
Nov 7, 2010
does anyone know how to set restrictions on the commands a user can run as sudo? i want to make it so they can only halt the system.
View 1 Replies
View Related
Jul 22, 2010
I have a computer with two interfaces (eth0 and eth1), eth0 is connected with a local network and eth1 is connected to the internet, also it implements a NAT in the interface eth1. Nevertheless, I'm trying to create spoofed packets with sockets raw in the computer that runs the NAT and send the packets to the interface eth1. The problem is that the NAT is changing the IP source to the real one before send the packets. So, anyone have any idea how can I implements the NAT in eth1 but only apply the NAT to the packets that are from/to eth0? I was thinking in something like (I am really newbie with iptables):
iptables -t nat -A POSTROUTING -o eth1 -i eth0 -j MASQUERADE
Well, it didn't work.
View 1 Replies
View Related
Jun 22, 2011
While I successfully configured an IPsec-VPN (I use a similar tho modified setup like this:[URL].. I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".
The scenario is similar to this: Lets say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IP's (like http).
I now want to limit, that an admin-user has access to all of them, while trainee-admin only can access everything on Host B and C, and CEO only can connect via telnet to Host C - and all users can be roadwarriors
(I made this example up to give you an idea what i'm trying to do - hope it makes sense). Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?
View 1 Replies
View Related
Jan 17, 2010
I have a user that has already used up a demo 24hr trial on my website. At present, I only check the customer id and the IP address to search for duplicates. On the whole this works but it's not foolproof. We now have 1 user from China that is changing their IP address everyday to get access to the free trial. Any options on what to do? I thought of downloading a cookie to their computer that the website could pick up - again not foolproff but most people don't disable cookies. Any other options?
I could ban China temporarily until the user gives up but if they find another proxy to chain then their IP address will be different again.
View 14 Replies
View Related
Feb 16, 2010
I have searched other post on here and they appear to be relevant but when I enter in the exact same commands it denies relay access to everyone. I have also used the postmap command to refresh the database.
Feb 16 15:54:48 EMAIL2 postfix/smtpd[6512]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <josh.dobs@gmail.com>: Recipient address rejected: Relay access denied; from=<msolis@EMAIL2.drewmedical.com> to=<josh.dobs@gmail.com> proto=ESMTP helo=<192.168.1.51>
I used this page as reference. [URL]
Below is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
[Code]....
View 2 Replies
View Related
Nov 22, 2010
I seem to be able to install / configure Postfix server in 10 minutes as an MTA for a single domain but my struggle is really understanding the maps / restrictions which even after reading "The Book of Postfix" is not very clear to me:
[Code]....
My question is between those commonly used three maps above, what are the difference between them and how do I know when to use one over the other? Can someone clearly explain them to me? Here's what I have in my 'main.cf' but honestly I couldn't tell you if they're correct or now:
[Code]....
View 4 Replies
View Related
Feb 16, 2011
I'm trying to configure notifying 'sys admins' cellulars about some events in clients IT infrastructure. In linux env it would be ease, just to use 'mail' cmd but need solution for windows env in this case.
I have RAID Controller running under windows xp and its raid array sotfware has feature to notify about events by email. I found some free solutions on the internet but most of them are shareware and if are freeware, they have limitations e.g. nr of sent emails per day.
Is there some free smtp server that I can use with no limitations?
View 1 Replies
View Related
Feb 15, 2010
Been trying for some time to get Postfix to not allow some internal users to send email externally. I have found some good resources online but none of them work. The user is still able to send email internally and externally.
I used the following web pages to assist me... [URL]
Below is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
[Code]....
View 3 Replies
View Related
