Security :: Controlling External Network Access Per Processes?
Aug 13, 2010
That would seem like an elementary feature: to be able to allow only a few system applications access to the Internet. That would prevent trojans from downloading your HD, for example. I looked around and played with iptables but I couldn't find anything that does the job. I loaded the xt_owner kernel module for iptables but the --cmd-owner command is lacking. That was my holy grail but I could not get --cmd-owner to work.
Code:
iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing "
How can I protect my machine against the enemy within?
OpenSuse 11.2
Kernel: 2.6.31.12-0.2-desktop
View 1 Replies
Mar 15, 2011
I am working on a system which runs on RedHat Enterprise. I have been asked by superiors to see if the following is possible (sudoers file config change, I guess).
Example
User1 has root access
user2 has root access, but must not be able to access ctmag (user account)
I know the obvious here is that if user2 can switch to root then it won't work. But I just need to prevent user2 from su - ctmag. A password is set on the account ctmag, but as user2 has root access it switches without a password prompt.
Is there any way I can prevent user2 from switching to ctmag but still have access to root?
View 6 Replies
Jun 29, 2009
I know of /etc/security/limits.conf and that can be used to limit all sorts of good things, but I haven't found anything that talks about using this when the users come from LDAP. Would I be able to do something like
@"Domain Users" soft nproc 25
@"Domain Users" hard nproc 40
where Domain Users is the group all users belong to in our system.
View 3 Replies
Sep 2, 2010
I was wondering if anyone might know of good reference material, books, websites etc., that discuss network security issues in layman's terms. I would like to set up a dedicated Linux box as a firewall and would like to have a deeper understanding of the different types of configurations that are possible. I run a dual boot system and most of the firewalls I have used on the Windows side are very confusing to me. A lot of the time they give you a pop-up that informs you that some cryptically named program is trying to access the network or the internet and wants to know if I want it to or not; 99% of the time I have no idea if it is a legitimate program or not. I realize that this is probably a separate issue (knowing how to identify programs and processes that should have access from those that should not) from setting up a firewall and basic network security, but I know that they are related.
View 3 Replies
Mar 25, 2010
Installed a security update for samba tonight via the openSUSE updater. Now, when trying to access my home network, an authentication box pops up (never used to). It asks me to enter authentication for my home network. I enter my username and password and hit enter. After a few seconds the authentication box pops up again asking for the same, indicating I have entered the wrong username / password combination (which I know I have not).
View 9 Replies
Apr 16, 2010
I want to limit what an authenticated user can do on my Linux server. I've set the default shell to rbash, but I know a knowledgeable user can switch shells. Can I use file permissions to deny execution rights to /bin/bash to anyone who is not in a particular group? And if that works, how do I find out what other shells are installed on my server (Ubuntu 9.10)?
View 7 Replies
May 30, 2010
Using SLES11, squid 2.7, NO TRANSPARENT PROXY, and it works fine. Now I need to permit some users access only to POP from external mail (outgoing mail authenticated).
# Private interface
IF_PRV=eth0
IP_PRV=192.168.1.1
NET_PRV=192.168.1.0/24
# Public interface 1
[Code].....
Are there any basic iptables rules to do this? How do I proceed with YaST Firewall for this requirement?
View 2 Replies
Apr 10, 2010
I have Mandrake 7.1 installed on a laptop and I have several problems that an upgrade would likely fix or provide a path that will support a fix. The mousepad is erratic and the PCMCIA WiFi and Ethernet cards are not recognized. What's a good way to upgrade? (I can access the network from an external modem and from a dual-boot Windows 98 WiFi.)
View 7 Replies
Feb 18, 2011
My team is working on a network; their terminals are Windows and my server is Linux CentOS. We work on a simple network without a domain. My users work on files on the server. Can I demand a user name and password when they try to change the shared files on the server, and can I monitor which user changed a file? I have a CSS developer and he is only allowed to create and modify CSS files. Can I do this?
View 3 Replies
Feb 28, 2011
I'm trying to tighten up my network a bit. I've given my DHCP server a list of static MAC addresses and IPs for computers I know, and a very short range of DHCP addresses that are redirected to kittenwar. My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the IP address manually and gain access. How can I deny them this pleasure? I'm running dhcpd3 and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security.
View 7 Replies
May 3, 2011
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
I have the task to set up a machine for users working with sensitive data that should not be leaving the machine where it is processed. This means disabling access to the ethernet device, lan, all other ports as mentioned earlier, and any other way of leaking the data.
In Mac OSX this was achieved using "Parental controls" from the System preferences; this even allows a selection of the applications that can be used. Under XP, Device Manager offers the option to click various devices and "Disable" them, which worked so far just fine. Some will point out that the latter mentioned OS may be easy to circumvent the security of in other ways, but that has been mitigated with other measures and it's not the point anyway. For the operator users in question, the aforementioned measure proved successful and worked. Using OSX and XP to do this was a 10-15 minute job with testing included.
So far all guides and tutorials pointed to useradd, groups and facl, but in actual practical terms did not help at all; in fact most of the research did not render any practical results so far. I surely don't expect to point and click, and would gladly run a set of commands from CLI. If I had them. I would really like to achieve the same restricted user account configuration in a concise, comprehensive and practical manner under Linux too. Preferably tested on humans before, and known to be working, of course.
The machines that need to be set up are two laptops running Ubuntu. So how can this be accomplished in Linux?
View 6 Replies
Jan 13, 2010
I post this to have a memo about how I looked into this problem. You can use this command to check what is hidden.
Code:
/usr/lib/chkrootkit/chkproc -v -p 3 | grep /proc/ | sed 's/.*\(\/proc\/[0-9]*\).*/\1/' | xargs -n1 -I %%% cat %%%/cmdline
If it doesn't output anything, then nothing is hidden currently. This usually means that a process was started between the ps command and the /proc check of chkrootkit. You can check what those command(s) are by running the above in a loop, with high priority.
[Code]...
Does anyone know how to get rid of these false positives while retaining other functionality of chkrootkit?
View 1 Replies
May 7, 2011
To: The Cog >>>
Code:
The Cog, here are the results for ps -ef | grep tty:
yo mama@blah:~$ ps -ef | grep tty
[code]....
View 9 Replies
Jun 22, 2009
Is there an easy way to log the names of the actual processes that initiate, let's say, outbound connections from the Linux machine, for instance track what process initiates an outbound connection to MySQL port to remote machine and stuff like that?
View 3 Replies
Dec 30, 2010
I've a Linux box with a few users (with shell). I would like to prevent normal users from seeing all the processes running on the box. How can I implement this?
View 1 Replies
Jan 9, 2010
Is there any possible way to hide currently running processes from a user? This means I do not want him to know what programs/processes any other user but him runs. In short, if that user runs 'ps -aux' he should get only his processes.
View 3 Replies
Oct 5, 2010
Normally all I/O goes through the kernel so that it can schedule the operations and prevent processes from stepping on each other. A few special user processes are allowed to slide around the kernel, usually by being given direct access to I/O ports. X servers are the most common example of this, aren't they? Can you give examples of any other processes that are allowed to slide around the kernel?
View 3 Replies
Mar 24, 2010
This is scary, a bunch of vmware-user-wra processes stall the CPU at 100%!! What's going on? The server has just been restarted! Before I restarted, root started all these vmware-user-wra!! I was configuring vncserver! After restart, it's started by user roo300 which I have used to log in via SecureShell!
Code:
top - 20:20:29 up 4 min, 85 users, load average: 76.57, 35.14, 13.60
Tasks: 629 total, 90 running, 539 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.5%us, 98.5%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3873304k total, 369500k used, 3503804k free, 50492k buffers
[code]....
View 2 Replies
Mar 3, 2011
My computer is often very slow, to the point of stalling. I tty'd in and when I ran ps -ef I noticed about 10 /usr/sbin/apache2 -k start. I don't even want 1 apache running. Any suggestions why these are running, or how to stop it? Well, I can stop it with a sudo killall, but how can I make sure it doesn't happen again?
View 5 Replies
Jul 16, 2010
I keep the network window of System Monitor active on my panel to see if anything is going on with the network.
After the last upgrade, lucid has been having nonstop short, small bursts of network activity, showing in system monitor as received data of approx 60 kb, then 0, then ~60, then 0, continuously. This is occurring before any applications are opened.
Whatever it is, it starts to tie up the processor until performance is unusable.
The processes screen does not offer any clues, perhaps because the data transfers are so small and spaced out. It still should indicate what is tying up the CPU, though. In the attached screencap, you can see the network activity pattern in the system monitor window in the panel.
Is there any way to monitor what processes are accessing the network in order to see what is going on?
View 3 Replies
Aug 14, 2010
I have just recently purchased a Seagate 1TB external hard drive. I have very sensitive information on this storage unit that I only want certain people to have access to. Is there any way of password protecting the hard drive? Preferably using Linux, or what are my options?
View 9 Replies
Jul 5, 2010
How efficient and effective are snort, argus, ossec etc. for an organization having a 3500 PC network, connected through 700+ Cisco devices (Layer 2 and Layer 3), and scattered over 130 different sites (geographically)? What should be the combination of products and what should be the architecture for efficient forensics activity?
View 2 Replies
Oct 27, 2010
I have a desklet that, occasionally after toying with network stuff, will tell me that large amounts of data are being sent/received. What's a good way to determine what processes are occupying these resources?!
View 14 Replies
Jul 11, 2011
I am trying to check which processes are accessing a particular file (a UDP socket in my case) on a filesystem. I am using 'fuser' for that. But, it seems, it only gives the processes accessing the file at that particular moment. Is there any way to continuously run 'fuser' (or some other command) which will give all processes accessing the file during its run? Or is it possible to generate a filesystem alert when a particular process accesses the file?
View 1 Replies
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
Aug 26, 2010
I installed 11.3 amd64 as a VM under Vista/VMWare Player - all worked fine. I have now installed it as a physical system. It installed cleanly BUT during first boot it could not access the repos. With each repo it gave the message
- download (curl) error for (repo)
- error code connection failed
- error message could not resolve host (repo)
This was followed by a message box containing
- UI syntax error
- no widget with ID 'contents
Firefox could not access the internet (cannot find server) until I disabled IPV6 (I used about:config), now it works fine. I think the repos problem is because of IPV6 - I usually have trouble with IPV6. I tried disabling IPV6 with the following (How To Disable ipv6 on SuSE Linux | Linux Poison)
[code]......
View 8 Replies
Nov 11, 2010
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forwarding some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH, for instance. And similarly 21 for FTP (although it doesn't seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of people to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in, but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as it's hidden behind the modem/router. But if I open this thing up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "That's if there's no firewall in my router" as they just seem to do the same.
View 5 Replies
Jun 7, 2011
The default firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user. Isn't this a security risk, or is the user secured from external threats whether ufw is enabled or not? I am not very knowledgeable about network security but I am trying to understand the Ubuntu mentality behind this default setting.
View 4 Replies
Apr 22, 2010
I'm running Ubuntu 9.10, and created a softraid5 with no problems. Now I need it to automount with user read/write access, and I need to make some network share folders. My fstab has the following line for the raid:
Code:
/dev/md0 /media/raid auto rw,user,auto,exec 0 0
After I mounted it, I changed the permission with:
Code:
sudo chmod 777 /media/raid/
So now I can create folders and files on it.
Then I created some shares, one with guest access and the other with no guest access.
Now the questions:
1) If I access the guest shared folder via WinXP, I create files and folders, but they appear locked on Ubuntu, so I can't access them until I change the permissions. If I go to Properties/Permissions, the owner is "nobody".
2) What password do I need to use on WinXP when I try to access the non-guest shared folder? Do I need to create a user just for that?
View 1 Replies
Aug 25, 2009
Recently I've formatted my PC. I've installed Fedora 11 on my new HDD. Through a docking station I've connected my old HDD (with Fedora 11 too) but I can't gain access. Through "palimpsest disk utility" I can see my HDD:
Quote:
750 GB Generic External
750 GB / GiB / 750,156,374,016 bytes
Master Boot Record
Connected via USB at 480.0 Mbit/s
[Code]....
If I click on "750 GB LVM2 Physical Volume" I can read the attribute type of partition as Linux LVM (0x8e). Unfortunately I can gain access inside to recover my old documents and backups.
View 3 Replies