Security :: Hardening Security: Limit "ps" Outputs To Current User Only?
Mar 27, 2010
I'd like to limit ps aux command outputs to current user only(the one, who invoked "ps". I've recently saw this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33, I wanted to know how to make that. Any advice? Googling around wasn't too successful, perhaps I don't know how to query that, recently tried with "limit ps outputs" "ps aux current user", etc... had no luck.
I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
I'd like to limit login attempts for specific user. I've found information in manpages: [URL]but I'm not sure if this '@' is purposly there, so would be that correct?
I just ponder can anybody shed some light to me how to manually disable service such as FTP,SSH,etc in which Bastille is doing.If all the services can be manually disable,which mean Bastille is just a tool to help newbies like me to use it.
I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.
i currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.
I would like to have my firewall 1) ignore (eg drop without responding)all packets that dont start with a syn flag 2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)
If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.
I use my desktop (VM) for online transactions only (it has no other purpose) & have removed most software. In adidtion want to remove Archive Manager, Calculator, Multimedia systems selector, Printing, sound recorder, Terminal (gnome-terminal), terminal server client, Ubuntu One. When I attempt to remove the listed software, I receive a waring message "no future desktop updates will include if you remove this". I want to know if this will impact the updates for Firefox as this is the only app I need. Can you please advise on any other consequences if I proceed with the above?
When I google this I get a million results, most of which are either too in-depth to be practical or advertisements for one solution or another. Is there a general guideline for hardening a linux (kubuntu) system? A set of steps say, to close all ports and disable all listening services like you would do to a windows machine? I can hardly believe that there are NO vulnerable points of attack on a default kubuntu 10.10 install. I don't know very much right now so I'm looking for something to fill in the gaps and translate my knowledge of windows (in)security into a holistic view of how the penguin operates.
I run a compute cluster with only a few users. Occasionally a user will accidently run a job on the master node that runs out RAM/swaps then hanges up for a while.In /etc/security/limits.conf I have set memlock to 7.5GB (master has 8GB RAM) and maybe that is what lets the machine come back rather than hanging completely? Is this the right setting to physocally limit a single user from asking for more RAM than the system has and bringing down the system? Should I set this to 2GB or so or is there something else I can do??
I need to limit the number of ssh connections a user has. All the users are using tunnel only so their shell is set to /sbin/nologin The logins do not open a shell they just create the tunnel so /etc/security/limits.conf has no effect on them at all.
I tried setting 'MaxSessions 1' in sshd_config but either that doesn't not do what I expect it to or it plain does not work as even with a normal user I was able to open an unlimited number of sessions. I need a good secure way to limit each user to 1 ssh session without them having a shell but Im unable to find a solution.
I'm looking for a solution for sendmail to limit the number of emails send per miniute per IP. For example all my local computer user with ip 192.x.x.x need to able to send 10 emails/minite (emails, not connections!. The rest of the world can send for example 200 emails/minute to the mailserver. If the amount of emails per minute is exceeded, sendmail needs to block receiving emails from the spesific IP. I want to do this to stop spaming from my local network. Is it possible?
It is known that binaries with the SetUID bit enabled are a threat for the system.I saw on this ArchLinux wiki[URL].tead_Of_Setuida way to limit the use of SetUID bit thanks to POSIX capabilities.It looks very interesting.Does anyone of you used it already?Is it a burden for the system afterwards (like binaries not working, needing to be fixed); or is it seamless
Is there a way to create a guest account and have Ubuntu "automagically" limit the amount of time the user can access the Internet? So, for example, could she set up an account for her son and limit his Internet access to an hour at a time?
I'm trying to limit the number of the ICMP packets reaching my server, so I'm using the limit module of iptables, unfortunately it seems the limit I set is totally ignored as I can easily send tens of ICMP packets and get a reply in less than 0.3 second Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x 20 packets transmitted, 20 received, 0% packet loss, time 230ms rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms This is the rule I'm using to accept ICMP packets (default setting is DROP)
Code: iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT And these are the kernel modules related to iptables Code: Module Size Used by xt_limit 1382 0
I have been reading guides for a while now and so far have not found an exact solution to my problem.
I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.
In the sudoers file
Code: User_Alias Patrol=dave,john root ALL=(ALL) ALL Patrol ALL=(patrol) NOPSSWD: ALL
if i wanna to compile the unrealircd ircd server with max 150 users what i have to do i remember is on limits.conf the open filesbut i am comfusing the soft and hardmust have the same number !? or different?the second is if i wanna this shell when the user download the pack and he going to make compile to allow him to have only the option to compile in leaf mode and not hubso
I have a standard home set-up for my Ubuntu OS, and I would like to know whether its possible to cut out the repetitive prompts to enter the password, as when you connect to the internet or access files on a partition that's not home, or install new software.
I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email. Presently for port 25 RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type: IMAP pop.server.com smtp.server.com
Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines -s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.
Can I, with only the use of IPTABLES, limit the incoming bandwith for a protocol? We have for example servers that have a FTP and HTTP server running and whenever HTTP has a lot of connections open, the other uploads/downloads get a timeout. I know I can limit the number of connections but prefer to limit on protocol level. Is this possible using IPTABLES and if so, can someone indicate how to proceed or provide a link? If it's not possible can someone point me to the right tool for the job?
How to number of connections for a single ip on port 80 to CentOS 5.5 with iptables? connlimit did not work on CentOS and nginx does not provide a module for that
I was searching around and I stumbled upon a Linux Kernelix Sockets Local Denial of Service exploit.I downloaded the exploit, compiled it ran it to check if I am vulnerable.As I was expecting, the exploit instantly "killed" my Maverick system and I had to use the power button to reset my computer...Is there any way to limit the numberof allowed open sockets?I don't think that this can be done using /etc/security/limits.conf in a similar way of preventing the fork bombs
This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in an USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
I installed Gnome Nanny. I can choose the times when the computer can be used and limit the internet. However, these times are not being enforced. Is there some other settings that are used to enforce these settings?
I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I wont get into here. Here's the output from iptables -vnL
[Code]...
Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.
I looked at the security adviseries page on slackware.org, and noticed only 1 listing for 2010. I'm currently using alien bob's slackware-current script to make a dvd iso (x86_64.) So is this patch already applied or what? How do I go about maintaining a secure system from here? I've tried to search for clues about this but I'm a little confused (very new to slackware,) so I apologize if this question has been answered many times. Also, when a security advisery arrives, do I need to download the updated package? Or can I simply find a patch from a single source and download / apply them? What would you do concerning this issue? I guess easily applying security updates is where debian shines. I'm really starting to like Slackware though, I must admit.
Can anyone tell me some current and future threats to the authentication methods used in Linux system. Modules like PAM(Pluggable authentication method), SASL, Kerberos, Shared secrets, shared passwords etc.
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
