Security :: AutoMount Any/all USB Drives READ-ONLY For Security (RHEL5)?
Mar 24, 2011
how to automount USB devices read-only for security in RHEL5? I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab.I've hunted around and I can't find a clear answer and my various attempts have failed. I've looked at /etc/auto.misc, UDEV, and HAL. Here's where I'm at which isn't working.I have RHEL5 and from what I can tell HALD manages the automounting. HAL seems to have 2 primary directories:
/etc/hal/fdi
-and-
/usr/share/hal/fdi
The difference between the two is unclear to me.Based on some examples, I created the following file:
--------------------
Code:
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
<deviceinfo version="0.2">[code]....
No matter what I call this file or where I put it, any USB device still mounts RW. How do I fix this? Am I correct that HAL is the right place? Looking through dmesg, it sure looks like HAL controls this, but maybe I'm wrong? I've also made various attempts to solve this with UDEV and /etc/auto.misc, so if it is one of those, I clearly don't know the correct thing to do there.
View 1 Replies
ADVERTISEMENT
Dec 29, 2010
How do I create a Truecrypt volume that will automount on bootup?
View 3 Replies
View Related
Jun 20, 2011
i want to know the risk with auto mounting flash drive as a root user,if for example there is a Usb Flash drive inserted into the system and we login into root unknowingly, and this flash drive contains an autorun script which calls a new script that can place viruses in your system, since you are in the root it will not even prompt for password and if the script is fast enough you will not even see it executing.
View 7 Replies
View Related
Aug 10, 2009
I am working to create a new base image for our RHEL5 setups, and I wanted to make sure we are creating a functional, but secure, image. Can anyone point me to some writeup's that might provide some illumination on this potentially daunting task? Basically, I'm concerned about what packages are okay, which should be avoided, and what other caveats that I might not think of when putting this together.
View 6 Replies
View Related
Oct 27, 2010
Our org uses Foundstone. I gave them a wheel user and verified connectivity with putty from their server to my RH box. Foundstone never makes it in and I don't see anything from faillog, sshd logs, etc.
View 5 Replies
View Related
Feb 2, 2011
i have a triple boot of windows XP,7 and ubuntu10.10 netbook remixis it possible to require a password to mount the windows drivesthere is no log on password on the ubuntu but i dont want people to access the other drives unless they have my password
View 3 Replies
View Related
Jun 10, 2010
i need to shred (or at least do a low/high level format) the drives before giving them to my parents (because they know about undelete and stuff). so, what apps can i use in ubuntu to do this?
View 4 Replies
View Related
Sep 1, 2010
Is there a way in Lucid to require a sudo password to mount all external drives (e.g. thumb drives, USB CD/DVD drives, USB hard drives)
View 1 Replies
View Related
Jul 23, 2009
I was thinking of physically removing the hard drive and use the computer only with a liveCD for security. But is disabling the hard drive in the cmos just as secure, or does software exist that can still access the hard drive?
View 12 Replies
View Related
Jul 28, 2011
So I have just set up my cryptsetup.I can open/mount it by either "crypsetup luksOpen" or just clicking on the partition from the "Places" tab and it will ask me for a password and all.
The only problem is that I can't read or write to it at all. Everything is probably root, which isn't useful to me.
So how can I change it so that when I do either of those 2 methods for opening it, I can just fully use it, read and write and everything? As my user.
View 1 Replies
View Related
Sep 6, 2010
I've recently upgraded to 10.04 and have noticed that all the files or folders I've been creating recently are read only. I can manipulate the folders on my ubuntu system itself and create new entries, folderes, subfolders, and save files. IE a payment receipt in pdf format. However if I then try to move or copy any of these to my DROBO (data storage device) the file gets the LOCK Icon on it and becomes read only. If it is a subfolder I can no longer copy to it and if it's a regular file, say a pdf or flv I can't modify it. Attempting to change the file permissions on either my ubuntu desktop or any other folder works but once it goes to the drobo I lose the ability to change it off of ---. Again, this was all working fine before doing the upgrade to 10.04. Yes I did do a clean install to 10.04.
View 6 Replies
View Related
Apr 3, 2011
I am running a ubuntu server for home use and am currently hosting a website for testing urposes I am worried because I have to leave my port 80 open for this to work. an Idea I have is to make it that port 80 is read only.
View 9 Replies
View Related
Oct 14, 2010
Long time reader, first time poster. I've got, what has become to me, a brain bender. It seems ACL's are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each others'files, but should not be able to delete any one elses files in a directory.chmod -1777?setfacl?
View 2 Replies
View Related
Jul 13, 2010
I have an ADSL modem and router, its OS is linux. It runs ftp service, and I can read files in its file system, but I have no permission to list files and to write files. It has TR069 protocol connections and can upgrade remotely.It has ssh, but not started.
View 1 Replies
View Related
Jan 18, 2011
am fiddling around using an AES encrypted password which is stored in passwd.txt:cat ../passwd/passwd.txt
{AES}yTMWTrdbuPtCxikvv5udVDTQ70anBVVKvP+GPQEH1RY=Yet I like to interpret this password on the command line using svn checkout, so I do not have to type in my password ( which is visible on the command line):Exporting the variable SVNPASS reading it from the passwd.txt ( export SVNPASS=`cat <../passwd/passwd.txt`) won't work obviously as it interprets it as "text", so my question is, if there is a proper way to interpret this stored AES password so I can read it from the file?The alternative is to type in the password on the command line, but this needs to be invisible eitehr showing #, * or "hidden".
the last option is described: http://www.tech-recipes.com/rx/278/h...-shell-script/
View 5 Replies
View Related
Jan 10, 2011
I have a question regarding Samba Permissions. As the subject described, is it possible to let users read the file but can not copy the file physically? It's fine if they open and copy paste the contents but no physical copy paste and also I need to log the activity of the users. If samba will not be able to comply my needs, could you suggest some programs to meet my requirements?
View 3 Replies
View Related
Jan 19, 2010
I'm looking for a virus scanner to scan some removable media (USB drives, mp3 players, etc). Since there's so many choices to choose from, can anyone recommend any?
I've heard a lot of people recommending clam av, but everything I've read suggests that clam av is better used for scanning e-mail servers and not home desktop application...
View 1 Replies
View Related
Jun 23, 2009
I am interested in making the root file system is read-only. I've moved /var and /tmp file systems to another partitions. There are two files in the /etc directory that need to be writable.
These are:
I've moved this files to /var and linked it. I've added command to the /etc/rc.d/rc.local file:
That's it. Are there other solutions to make the root file system is read-only?
View 1 Replies
View Related
Jan 20, 2010
This is weird, today I updated my system and while trying to visudo from single user mode got
"cannot read /etc/shadow: Permission denied"
which kept me from doing anything until I switched to file permissions of 400 on shadow, then back. Is this being experienced by anyone else or just me? /etc/security/limits.conf doesn't seem like it wants to change in enforcing mode either and I can't find any alerts to provide clues on the situation.
View 8 Replies
View Related
Jan 7, 2010
I have Ubuntu9.10 installed in my laptop, and I want to give read-only permission on mass storage device (USB flash & external HD) & CD-ROM.
please guide me how this is possible. It should be automatically.
It's necessary for security purpose.
View 5 Replies
View Related
May 2, 2011
I had to reinstall Ubuntu (Natty) on a brand new computer and while installing I setup the datas partition to be mounted in /usr but now I can't have access to files I put in there even if I setup the group/user permission! I can accezz /usr/Music but all files are locked
View 5 Replies
View Related
May 4, 2010
I was running '# ls -l' in '/' directory and I noticed all directories in '/' have the following permeation 'drwxr-xr-x' [except root's home which is 'drwx------' (after I change it from 'drwxr-xr-x' )]
I don't want all the user (except root) to be able to read and execute (in) any directory, I just want every user to be abel to read/write/execute only in his/her home directory.
my question is, is it ok to change file and directory permeation of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?
/bin
/boot
/dev
/etc
[Code]....
-I and the other users use the pc for internet, open office and email mainly.
-It does not run server(s) like smb/cif or NFS.
-There are 5 usernames (created by me, non of them are superusers) in th pc, only one user is required to login at any one time.
View 3 Replies
View Related
Apr 29, 2011
I have a log server that collects logs from all the cisco devices on our network.he company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the cisco logs are kept.
Code:
drwx------ 65 root root 4096 Apr 29 7:38 rsyslog
The cisco folks are requesting access to these logs, which is allowed by company policy.
[code]...
View 12 Replies
View Related
Jun 17, 2011
I was running a 2-partition hard drive, Windows Vista (lamentably) on one partition, and the other running Ubuntu. I began having trouble with the Vista partition, so I attempted to move as many of the files that I really wanted to keep as possible over to the Ubuntu partition, and then reformat and reinstall the Vista partition. As a result, I could no longer boot to Ubuntu, and I consistently got errors back from everything that I tried on the Vista partition.
The only way that I can now access anything on the hard drive is to insert the Ubuntu install disk, go into trial mode, then mount the partition. At long last, here is the problem: Is there anyway to possibly make the partition bootable again so that I could burn the files to a disk? From trial mode I can get to a number of the files on the mounted partition, HOWEVER, they are secured with the username and password of my user account on that partition. Is there any way that I can access the files from the trial mode by entering my username/password?
View 2 Replies
View Related
Oct 2, 2015
Is there a way to set up your system (running CLI only, no X) to automount flash drives? I know how to mount them manually, but I'd really like it if there was a way to just have the system do it automatically when I plug the drive in so I don't have to do it myself every time.
View 4 Replies
View Related
Jun 6, 2010
Suffice it to say, I'm an idjit and can't figure out how to get my USB drives to automount.
View 9 Replies
View Related
Apr 26, 2010
How to automount internal drives. I have 2 other partitions other than the boot one. I want both the other partitions to mount at startup without asking me the password.
View 9 Replies
View Related
Apr 4, 2011
My USB devices are being automounted as root in Ubuntu 10.10. How can I automount them as the current user? Here is the output of:
sudo fdisk -l
ls -l /dev/disk/by-uuid
df
For this example, /dev/sdc1 is connected.
Code:
matt@matt-G73Jw:/media$ sudo fdisk -l
[sudo] password for matt:
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
[code].....
View 2 Replies
View Related
May 22, 2011
love security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies
View Related
Jan 19, 2010
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies
View Related
