I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.
My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.
In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.
When i open applications which need su or gksu commands sometimes a string "Granting rights" appears in the window. I just find this [URL] It happens mostly when i use desktop launchers to run these applications.
I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I have joined the domain (server 2003) and can log in consistently now. Now I would like to give all the windows users in on specific group (domain power users) SUDO rights on the machines in question. I have found one way to add users on a pr. user basis, but adding 30 users will take some time.
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
I am only user on this ubuntu 10.10 install. I have admin rights but when I try to change some settings via Ubuntu tweak unlock or alter user and groups via advanced tab I never get the option to enter my password. I have added a new user 'tempuser' via safe mode and this user is administrator too but everything works fine from this user..
Results from $ grep admin /etc/group lpadmin:105:heath,tempuser admin:119:firstuser,tempuser,heath
Results from groups admin adm dialout fax cdrom floppy tape audio dip video plugdev fuse lpadmin sambashare I am thinking of making a fresh install if I cant sort this but would like to fix if possible.
I created a website in my apache server. I just need to secure that when everyone try to access any folder on my root directory, it will show "Forbidden".
I am novice user of linux. I need to know how to configure firewall so my system cant be compromised...In windows my system was greatly compromised. keyloggers were installed without my approval and my desktop was taken on remote. What should I do so without my knowledge no software can be installed and i can close all ports and only open which ever port is required to open. What should i do so my desktop cant be taken on remote?How do I configure user rights ? So except me no one can install any software. I will have another general user id for internet surfing
Quote: The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included.
According to VSR Security, the research outfit that discovered the security hole, Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions.
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else. I'm looking for a file that logs any change to the security settings of the system.
I am novice user of linux. I need to know how to configure firewall so my system cant be compromised...In windows my system was greatly compromised. keyloggers were installed without my approval and my desktop was taken on remote.What should I do so without my knowledge no software can be installed and i can close all ports and only open which ever port is required to open. What should i do so my desktop cant be taken on remote?How do I configure user rights? So only root and one admin can install softwares and no one else.
I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.
Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?
I am new to fedora (been using debian based distro's for the longest time). With the new release I decided to give FC13 (The kde 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to logout and log back in as root. Is there a way to make it so that FC13 will prompt me to enter in my root password so I do not need to log in and out? Or is there something Different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in fedora, or is it still sudo/KDEsudo
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
perform below activities please guide how to do perform below activities.Make sure the Guest account is disabled or deleted.-Disabled or deleted anonymous accessSet stronger UserID policiesSet Key Sensitive UserID Default enable in linuxCombination of numbers, letters and special characters (*,!,#,$,etc.)
I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
Newbie here, I'm thinking of moving mostly to linux to get away from the security holes in Windows. And I have some questions...
How secure is Firefox for doing online banking?
Sometimes I have run into a situation where the bank doesn't support anything but Windows explorer when accessing my accounts. Can this be gotten around safely in Linux?
Is there any way to secure harddisk accessbility ? i want encrypt my hard disk, and partitions that ubuntu installed on that. is there a way ? i want deny all access to hard disk, just my own root account can have access to all.
Ok im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
