I loaded Ubuntu on a Windows OS laptop and am finally figuring out how to connect wireless. Before I do what can I do that will protect me? I am told I don't need anti-virus. Is this accurate? Also, I want a really secure firewall...not one that an experienced hacker could see and just hop over.
View 3 RepliesI'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
There are a couple commands I want to run in a terminal that require me to provide my password. I really don't want those commands ending up in any kind of history or anywhere else where they could be seen by someone after the command was run. Are there any shells/terminals for Ubuntu that I could use (or options to bash/zsh/etc) that would give me a secure environment where I don't have to worry about my history being kept?
View 3 Replies View Relatedsetting up secure ftp on linux
View 3 Replies View Relatedthere are different methods for securing based on home versus professional computers. My questions generally pertains to securing home desktops, but professional protection is definitely welcome :) Knowledge is power. Ever since moving to the wonderful world of Linux a couple years ago, I never even really thought about security. Seeing as most low-life scum make viruses for Windows machines seeing as they're more abundant.But how do I know if I'm safe/secure from anyone who want's to get at me or my stuff. I know that anyone who is determined enough to get in will, there's no question about that. But what steps can I take to ensure I'm protected from things like rogue root shells and automatic attacks? Also, is there a sort of built-in firewall/antivirus in more Linux distros?
I know this question is quite broad seeing as there are tons of ways someone could compromise your system, but maybe you could share what you did to make sure you were safe.I decided to not allow root login via ssh and to change the port is listens on to something random. Hopefully this a step in the right direction. Currently looking at iptables and shutting down services.
I have a CF card I'd like to erase. My CF card reader is connected to my Linux machine via USB. How do I do a secure erase (i.e., the ATA Secure Erase functionality) of the CF card?
I have tried hdparm --security-erase NULL /dev/sdc, but I get an error: ERASE_PREPARE: Invalid exchange. In fact, any hdparm command gives me the same error:
# hdparm -I /dev/sdc
/dev/sdc:
HDIO_DRIVE_CMD(identify) failed: Invalid exchange
I read somewhere that hdparm can't do an ATA Secure Erase of a drive that is connected over USB. Is this true? I tried using sdparm, but sdparm doesn't seem to have the capability to send the ATA Secure Erase command to the CF card. So, what is the proper way to do this?
I choose not to run a login manager on my systems, instead opting for a tty login and then invoking xinit manually (slightly long story, it makes my life a lot easier to have a bunch of environment tweaks that my login shell sets up and has the rest inherit), but this leaves me with a security issue if someone else comes upon my PC, because even if I've locked my X session they can switch to a tty and kill my X session, dropping back to a shell.
I can either
Start running xinit; logout (which still has a race condition issue, if they get another Ctrl+C in before logout is invoked it'll give a shell) Try to disable the tty switching keys in X Wrap xinit in something to catch and ignore the signal from the Ctrl+C
can hdparm do secure erase on just a partition or does it have to be the whole drive?
View 5 Replies View RelatedI am trying to do secure VNC over SSH to a remote linux server from my windows PC, but running into this error.
Error: Unable to connect to host: Connection refused (10061)
My better half spilled some coffee on her 8month old macbook and it decided not to work anymore. Apple says it will cost around $800 or more to fix, we wont be paying that, Ill be finding a logic board or service somewhere online now that our warranty is shot and going that route.But before I send the macbook off anywhere I need to pull some data off the HDD. I was able to plug the HDD into my Linux box(internally, I dont have an external enclosure). I was able to mount the drive and copy the directories I wanted to the HDD on my linuxbox.
But Im unable to to access the directory from the terminal or from the file browser, I get an access denied message. Because I know the username and password for the macbook is there a way I can use that to gain access to the directories?Google got me this far, but when I googled "access locked directory ubuntu" or any variation of that with the terms linux and osx thrown in there for good measure.
I am using Firefox 2.0.0.8 and Opera.Both the browsers can open all sites except secure sites like, URL>..In Firefox I have checked SSL3.0 and TLS1.0.The default Enforcing mode of the OS I have set to 'Permissive'.
View 6 Replies View RelatedI want to learn using SSH (Secure Shell) service in linux and connect to SSH server with PuTTY to test some commands, but I have not worked with it yet;
I have Ubuntu 9.04 on my "Virtual Machine" and my host OS is Win.XP and I have installed "OpenSSH server" and "PuTTY" from the ubuntu repository,
Is this action rational? I mean I want to connect from PuTTY on linux(on VM) to the SSH Server on linux?
(Meanwhile, I have no work with the host Windows and just wanna test it on the linux!)
where should I see the "Host Name/Ip Address" of the SSH Server to enter in the PuTTy's dialog? In windows we can use "ipconfig" command to see the IP Addresses, but I don't know what is the command in linx for this purpose?
use SSH Service in ubuntu correctly
If a user want secure coping of files through scp from one system to another system then how this can be done. This user have only been granted securing coping of files through another system but without ssh.
View 5 Replies View RelatedI'm using Ubuntu 10.04, and starting a SOCKS proxy with 'ssh -D', and setting Ubuntu to use it with "System -> Preferences -> Network Proxy". Firefox uses the proxy, and the proxy's IP appears when I visit a site like [URL]. is Firefox resolving DNS requests through this proxy? Is my web-browsing truly secure? (That is, until I exit the other end of the proxy.
I know it's insecure after that.) (And I've verified the keys, I'm not being man-in-the-middled) (And--screw it. You know what I mean. Is it resolving DNS requests through the proxy?)I don't know how I would go about verifying such a thing for myself.Using additional hardware such as another debugging proxy is not an option. If Firefox isn't resolving my DNS requests through the SOCKS proxy, how do I go about fixing it?
I'm launching screen with the following command, inside a shell script that is set as a user's shell to keep them from escaping.
screen -dRRq -S ${USER}_MC -s $HOME/runthis.sh
Is there a way to secure screen, to keep the user from being able to even use the escape sequence, or at worst, prevent them from running commands like exec?
Edit: It's not that the user should have access to an actual command-prompt shell. I only want them to be able to run a single program that runs persistently, and as far as I know screen is the easiest way to do that. However, getting out of this is as easy as C-a : exec bash.
Right now I've just unbound most of the keys using .screenrc (especially colon), I just want to make sure I'm not missing something easier.
I'm looking for a live Linux distro that is secure and preserves my anonymity online. For what I need, Tor seems to do the job - but such software requires configuration that someone who is not knowledgeable in how it works might find difficult. I was looking at 'Lightweight portable security' but it does not specify whether it sends all traffic through Tor. Does anyone know more information about it and/or any other such live Linux distro?
View 3 Replies View Relatedi believe it is a wpa_supplicant problem. running ubuntu 10.04 on a toshiba netbook. i have my account which cannot connect to internet, wicd returns an error that it cannot obtain ip address. cannot even connect to a unesecure network for that matter. if i switch users to another user and do the quick switch users i can get internet then i switched back to my main account and here i am postings. how do i begin to hunt down the problem logs, settings how do some of you begin to hunt down the cause of this and where it would be located.
View 1 Replies View RelatedI've been searching for the exact set of tools to accomplish what I need. I was once at a LANparty. I used my webmail account and I think someone stole my password. I realized that the LAN used hubs instead of switches.
So next time, I thought I could run a server at home, which would allow me to connect with SSL (??). Then I would be able to connect to whatever website knowing that I was secure between myself and my home computer. I guess I would need to have a key before a secure connection could be made. Otherwise a "man in the middle" kind of exchange could take place.
So I guess I would need a VPN between myself and my home computer. Then my home computer would act as a proxy to allow me to surf securely. I'm not sure if these are the correct terms to use. Does anyone know what type of server I'm looking for?
I would like to setup a remote desktop for my Ubuntu computer so I can use my computer on a Windows computer that is on a different network. How can I do this?
View 1 Replies View RelatedBeen messing around with Ubuntu 9.1 for the last few weeks and am loving it so far. Been trying to get in the terminal and learn a little something, to no avail. LOL I have been googling and searching the site today for info on networking. My Linux box is a desktop, with my main HDD mounted with music, and movies and some other stuff. My intent is to network the two laptops in the house (Windows XP and Windows 7) to the Linux box so I can listen to my music and watch movies when not in the office. I have found some info, mostly involving Samba, and plan to install Samba tonight and fiddle with it. My issue was with security. I have read a few posts and they talk about the fact that if you share files in this manner, the set up is not secure at all. Is this something i should really be concerned about? If the folders I share only have my music and videos in them,
View 4 Replies View RelatedI am running WHM and CPANEL on centos.I would like to upload a file to the root user directory. To be honest, my only experience uploading and downloading files with FTP has been with domain related accounts that were set up under WHM to be managed under CPANEL. This is quite simple, because all you do is set FileZilla or Dreamweaver up with the FTP address of the domain account and the username and password.How can I do something similar to FTP a file into the root or home directory?
View 1 Replies View RelatedCan any one tell me a good GUI based tool to secure PHP code . i have tried ioncube but its not GUI based on linux
View 3 Replies View RelatedLooking to build the first computer system from scratch and I have chosen Linux as my system. Learning about Linux is a must as I would like to get away from MS. Also, building the system will better equip me when I pursue a business venture within the next year or two.I presently take course work in accounting for a bachelor degree, but will attain another degree in software engineering, both from Herzing University. My present skill level in programming?
View 5 Replies View RelatedI have the following details on my system:
- CentOS
- RHEL 5
- WebWare for Python
We have an exisiting website written in Python and was developed by other entities and now being maintained by us. We want to run the website using secure connection (HTTPS), I tried reading this article and successfully executed every instructions but still failed to run the website using HTTPS.
[URL]
The way we run the website is using port 8080, e.g. [URL] I am sure I am missing something here, first, I am still looking on where does the port 8080 comes from since I've checked the httpd.config and it wasn't there.
i want to secure the USB port by any external device connection. so i need the code of detection of an external device when plugged in the USB port.
View 1 Replies View RelatedSubject of my school work:"Web interface for managing firewall and band on the access server (Linux)"I have a big problem because I do not know how to safely implement the change in the system and show the logs on the Web page.Unfortunately, the number of solutions for today is enormous and it is increasingly difficult to me to decide on the right.They are:
1. Launching a web server with root privileges (the default mode of miniserv'a Webmin)
2. CGI scripts on apache SUID (mode webmin on "foreign" server)
3. suPHP or suexec
4. Cron implements changes to the root
5. Daemon in C "periodically" implement changes in the configuration files created by PHP
6. Daemon in C to implement the changes requested in the configuration files created by PHP
7.Use SSH in PHP and after logging into the root of execution of commands in the configuration files created by PHP (the root password in the DB)
8.Use SSH in PHP and after logging into the root of execution of commands in the configuration files created by PHP (the root password, enter manually)
9. Like the above so that the use of sudo and user rights only to the necessary shell commands
10. Add the user apache in the /etc/sudoers can perform all the necessary applications shell commands
11. Seize the opportunity to command: shell_exec ( `sudo php-f / home /example/script.php`), and /etc/sudoers
I am installing Debian for the very first time and having read websites similar to [url] I have come across parts of the installation which I do not understand.
For example, I have created logical volumes using the logical volume manager however am unclear what the message regarding writing changes to disk before configuring Logical Volume Manager means.
Once I have created the volume group, I am presented with a window that provides me with the ability to
Display configuration details
Create volume groups
Create logical volume
Delete logical volume
Extend volume group
Option 2 is pretty self-explanatory however am unsure whether it is advisable to segment directories between 2 or more volume groups. What benefits does it serve?
Option 5 provides me to extend a volume group however am unsure how this works?
Does it mean I can assign free space available one 1 physical drive to the existing volume group or does it mean I can assign free space available on a second phyical drive or does it mean both? How does it affect security, performance, etc?
Currently the only way I can see the logical volumes I have created by selection Option 4. Is there any other way? How do most people keep track of the logical volumes they have created e.g. checking off against a checklist, etc?
Next I have the ability to map the logical volumes to mount points however am confused what purpose the none mount point serves as I have the option to select it?
What are mount options for?
What do I use labels for?
What are reserved blocks for?
What does typical usage refer to?
How does the option to copy data from another partition work? What is it for?
how to write secure code for bash scripts in general? Strangely I didn't found anything in google and in the forum so far. If someone here is willing to review a bash script for me (about 600 lines).
View 6 Replies View RelatedHow safe is a chroot if it is locked down? how difficult is building a secure chroot? Does anyone know of any working tutorials for setting up a secure chroot? i only need it to run two applications, a torrent client and a VPN client. I'm hoping to set one up on Ubuntu Karmic. also, I found this, under 'section 4' he gave no write permissions to any non root user, can this be extended upon? which directories do limited users require write access to? what else would you consider essential to security inside a chroot?
View 1 Replies View RelatedI need to be able to log into (with X enabled) my home computer (running OpenSuse 11.4) from my work computer(running Windows XP). I was originally going to setup ssh on my home computer but then realized that I wouldn't be able to get my desktop this way.At work, we use windows remote desktop connection to log into other computers within our network, but I'm planning on asking my manager if I'm allowed to login to my home computer.If he accepts, I need a method to actually make it happen.I looked at FreeNX which seemed awesome but it doesn't seem to have windows support. To an extent that I would like to only allow my work IP to be allowed to even try an login.The bridge to cross here is the fact that I'm connecting from windows.
View 1 Replies View Related