General :: Text Config File Encryption On System For Security?
Aug 16, 2011
I plan to use newsbeuter for console RSS reading.This program has a config text file where I need to store my Google account password,in order to access my Google reader.I don't feel easy at making my password readable to everyone.Is there anyway I can somehow encrypt this information ?
am fiddling around using an AES encrypted password which is stored in passwd.txt:cat ../passwd/passwd.txt {AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=Yet I like to interpret this password on the command line using svn checkout, so I do not have to type in my password ( which is visible on the command line):Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?The alternative is to type in the password on the command line, but this needs to be invisible eitehr showing #, * or "hidden". the last option is described: http://www.tech-recipes.com/rx/278/h...-shell-script/
I have an auditing problem. I am required to be able to track user account modifications (creates, deletes, password changes, etc.) My team and I implemented auditd 1.7.17 and borrowed an existing rule set from /usr/share/doc/audit-1.7.17/nispom.rules. What we're seeing is that user account activity from the command line is retrievable by doing an 'aureport -m'. However, doing the same through the GUI, 'aureport -m' does not display the activity. So I have two questions:1. Is there another location I should be looking to find the user creation activities when using the GUI?2. Is there a way to make the activity using the GUI be captured in /var/log/audit/audit.log so 'aureport -m' can report it?Someone suggested a PAM configuration change, but was not able to tell me what change to make.
I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".
where are the "System Log Viewer" config files stored? I know most have been moved into /var/rsyslog.d/ folder but where are the users config file stored? I restored my local /home to a fresh install and the Log viewer is looking for log files from the OLD install.
So there must be a config file somewhere in /home/$user that the system log viewer is reading from as well as the rsyslog.d folder...
I'm using RHEL 5.4 and trying to use the system-config-kickstart to generate a ks.cfg file with all the settings already appeneded. After running the "system-config-kickstart --generate ks.cfg" command, the file gets created but it's missing the firewall configuration, partition information and so on.
How can these settings also be generated with the system-config-kickstart?
I am not very security minded...I'm aware of it, and always made sure I had up-to-date overall protection in Windows but firewalls, and the blasted passwords are largely a thorn in my side!When I got my iPhone last year I suddenly discovered password managers & "wallets" to keep all that kind of information in and syncable across different devices. My life got so much easier. Of course now I need to figure out encryption keys, and how they work (I'm clueless). I also need to find a program or system that I can move my existing low-tech info (mailnly user name & passwords) that will also accomodate the increased needs of Ubuntu security and still be sync-able. I started a little research weeks ago, but my current "wallet" only exports .csv so I quit since I'm going to have to do a lot of data entry whatever I go with.So here goes:
1) what is the difference (bare bones) between using an encryption key (e.k.) vs. a standard user created password? what situations are better suited for e.k.?
2) I have seahorse (default intall with Ubuntu I guess) but the only thing in it is Login under passwords which leads to a login keyring (?) and a drop-down list of about 6-10 of the gazillon passwords I use daily. The other tabs are for keys which I don't have any concept of.
3) I know FF also "remembers" user id & passwords as you choose to have it do so. Is that information transferable into seahorse or another program?
4)I'm also (today) getting ready to really set up my system for user names & security across my little home network. How can I integrate that into whichever program/app I go with to store my pwds and keys?
5)give me links to fairly current documentation on this stuff?
6) Any program/app recommendations.Pros/cons uses, what they can & can't do or be used for, etc.
I want to encrypt a text using rsa encryption method. I did it using command openssl but i want it using my library api, the library api is as, int rsa_calc (unsigned char * msg, unsigned char * mod, int count, int exp, unsigned char result); I can't understand how i input public key (.pem file) and what will be the modulus (unsigned char * mod) and exponent (int exp) for any text.Is there any kind of formula to calculate modulus and exponent of the text.
I am just wondering what encryption method the shadow file uses, so that I may be able to manually change it. I ask this because I am trying to make a web page that will allow people to change their linux password via a browser.
I would love to be able to use TrueCrypt consistently across all my machines, be they Windows or Linux. As it stands, I can do full-disk encryption with pre-boot authentication only on Windows.
I don't really understand why this is. Are there technical challenges specific to Linux/Mac that make full disk encryption harder? Does anyone know whether TrueCrypt will support this in the near future.
PS. yes, I'm aware that there are other options. My goal is to simplify my life here and use the one tool across all machines.
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
I want to automate the following manual process.Currently, I am encryptying a set of files using openssl as follows:Encrypt file.txt to file.out using 256-bit AES in CBC mode $ openssl enc -aes-256-cbc -salt -in file1 -out file1.enI am then prompted for a password, which is then used to encrypt the fileWhen decrypting, I type $ openssl enc -d -aes-256-cbc -infile1.enc -out fileI am then prompted for the password - which again, I manually type.I want to automate this process of en/decryption - so I need to find a way of providing openssh with the password.
My first thought is whether it is possible to read the password from a file (say)? Or is there a better way of doing this?Also, I suppose that I will have to place restriction on who can view the password file - otherwise, that defeats the whole objective of using a password. I am thinking to run the bash script as a specific user, and then give only that user read rights to the contents of that file.Is this the way its done - or is there a better way?Ofcourse all of this leads to yet another question - which is, how to run a bash script as another user - without having to type the user pwd at the terminal.
I'm only just starting out with the Linux ubunto 10.04 OS after yeas of wasted time on Microsoft os's,I hope I'm posting this request for help in the right forum thread, if not please accept my apologies, I have tried searching everywhere for help in installing a firmware file into the File System / lib / firmware directory and each time I get an access denied result. The file is for a DVB board and I have managed to track down the right Linux fw file for this particular piece of equipment, Could some kind helpful person either explain how to get this firmware file into the Root System directory or even send a link to another site that deals with this sort of problemI've downloaded all the programs via the Ubuntu Software Center that should be able to perform this task however all to no avail.The reason why I posted this thread in this forum board is that it (in my own personal opinion which may be wrong) seems to me to be a security problem
i am investigating on solutions to trace a file deletion on a computer( Linux O/S).i also need to determine weither after a file deletion or download on a computer, the computer clock had not been modified. In case a file has been downloaded on a computer and then transferred to a removable device, i need to find out the file activity. i mean i should be able to tell that the file was downloaded and transferred to a device with possible specifications.
im trying to output a list of running processes via a shell script. At the moment i got this which outputs the processes to a text file called out.
echo $(ps aux) >>out
The problem is though, the processes are all just one big block of text which makes it hard to read. Does anyone know how to sort the output to a text file so that it prints to the text file at 1 process per line? I know its probably simple but im very new to linux.
I am looking for some software (not Tryecrypt) where I can just right click a file and it will encrypt it for me. It would be nice to unencrypt on Windows but not essential.
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?
When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? how does the client know what private key to use?
My colleague changed the hostname using "system-config-network", but now I want to change it using any how (either system-config-network or /etc/sysconfig/network). Even I changed it from /etc/sysconfig/network. But when I reboot the system its getting old hostname. Is there some other place to change hostname?
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?