Regarding the usage of our PKI, some security consultants suggested to let our root CA offine (hardware online but disconnected from the network). However, when it is offline, I don't understand how to sign certificate request or to publish CRL. How a PKI works with the root CA offline? USB sticks?
View 4 Replies
using ubuntu and the corporate edition of open dns? >Im curious to find out how the anti malware filtering works in open dns works.
View 4 Replies View RelatedI was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
View 1 Replies View Relatedwant to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
View 1 Replies View RelatedI run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
View 1 Replies View RelatedContext: I happened to read through an old presentation today on OpenBSD's cryptography page called "A Future-Adaptable Password Scheme". In spite of its age, it still seems relevant and useful. One of the topics it discusses is the problem of "offline" attacks, where an attacker is not slowed down by any system (or other external) security. It's attacker vs. the computational cost of guessing passwords in such a scenario.
Specific question: On several unix-like systems (including Linux), the salt helps make building rainbow tables computationally expensive. It's not enough to guess a password and hash it; the proper salt must be provided as well, or the password will not be discovered.
However, the salt (or the hashed salt) seems to be visible in /etc/shadow. For example:
Code:
foouser:$6$U9a6HdUY$U3qFDMen0wDmL0x5WHm2OWhOgzOZ4MCQxV/oY.i5RhfXCQrLifIVkBpWOd1CbCGimVCjmfxZAaud/sXDf1.mv0:14733:0:99999:7::: So in an offline attack, a rainbow table could be built using precisely that salt, correct? (Yes, I realize /etc/shadow is not readable by non-root users, but I am considering an offline attack.) Building the salt (or the hashed salt) into the hashed password seems to defeat the purpose of using a salt altogether.
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies View RelatedWhenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies View RelatedI found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
since a couple of days my clutterflow preview doesn't work in nautillus-elementary any more. First I thought it is because of an ubuntu update. But I'm not sure. I have installed the latest version from am-monkeyd's ppa. The strange thing is that it works when I start nautilus as root.
Edit: After several trys I found the solution: press ALT + F2, enter: gconf-editor and then navigate to apps > nautilus > preferences and enable 'show_clutter'.Restart Nautilus (nautilus -q). That's it.That did the trick.But I still don't know how this setting was unchecked...
I just setup a debian OS(in emulator) and trying to use apt-get update. When I log in as root and do:
export http_proxy=http://proxy.com:9090
apt-get update works
If I use another user and ssh to this debian, sudo apt-get update will fail to work because it don't use the proxy. I try to do the export http_proxy stuff again but still not working. echo $http_proxy showing it already set correctly...
p/s:
I have a workaround by adding this lines in the apt.conf
ACQUIRE {
http::proxy "http://proxy.com:9090"
}
but I really don't want this solutions because I want to easily disable the http_proxy in command prompt (by unset it).
I mount my NFS shares with fstab entries likexxxx.xxxx.xx:/srv/vdr /media/vdr_video nfs noauto,user,bg,soft,intr,retry=5 0 0 With openSUSE 11.2 works this fine. With openSUSE 11.4 installation (no upgrade) only NFS mount works fine. The umount command works only with root.
View 9 Replies View RelatedI have sound if I use aplay or start totem using sudo but neither have sound if I try aplay or totem as ordinary user. The groups command shows my user name is a member of the audio and video groups. If I look at the /etc/group file it also shows pulse as a member of audio group.
This is a command line install from the 10.04 Alternate CD to which I installed xorg, icewm, gdm, nautilus, synaptic, totem, firefox, gstreamer, alsa, pulse, and others. Every thing works except the user audio. Totem will show videos but no sound. Totem will play MP3 music files (show the cover art and the progress) but no sound. But it all works ok, good sound, if I start Totem as root.
What am I missing? I don't expect in depth help with this installation but thought maybe something would just pop out at someone?
I am using Ubuntu 11.04 and am trying to get Skype working for work. Sound doesn't work for random events. I ran Skype as root and the sound works perfectly. Can anybody give me some information on how do I set the permissions for the program so the sound works so I don't have to run the program as root?
View 1 Replies View RelatedIf I log in as root I can vi/vim a file with no problems. When I log in as a regular user I get the following error when I try to vi/vim.
[Code]...
Why does vi/vim work as root and not a regular user? Also what rpm's can I install to get it working?
i set up a dmz to have a internet web server and ftp server, and ssh only from local network, so i wrote a iptables script to load during boot :
[Code]...
The problem is that everything works fine ( i have the same rules for other services such as samba, nfs, mysql on another server) BUT ftp there is no way to make it work. not even locally.when i try to connect, i log in, but while listing the directory i get MLSD ... and it hangs like this for a moment, then i get error message "connection time out" , "impossible to list directory". if i turn off the iptables script no problem,ftp works fine.. but why all services work and ftp no?
how do i have to modify the rules? what is strange also is that if i set as OUTPUT policy "accept", the server seems to be offline."host unknown" error message. I was thinking the rule INPUT is fine cause at least i can login, but the dir list is not going out, so gotta modify output rules. or state?
gpsbabel has always been a little awkward to get going, but it works well once it does. Out of the box on Lenny, gpsbabel just gave errors for me reading from a garmin unit, and the required solution was two steps: firstly, remove (and blacklist) the kernel module "garmin_gps". Secondly, add a udev rule like this:SYSFS{idVendor}=="091e", SYSFS{idProduct}=="0003", MODE="0660", group="plugdev" and save this as /etc/udev/rules.d/51-garmin.rules.
Now, I never understood why or how that worked, but it did (on Lenny), straight away, and was listed as gpsbabel's solution here (I notice it now says MODE="666").
Anyway, now I'm on Squeeze and have the same problems again. I've blacklisted garmin_gps again, and it doesn't appear in lsmod.
I've still got my udev rule, but now gpsbabel fails as a normal user with the error:
I'm new to Ubuntu and I'm pretty sure I'm just missing something simple. I want to use Samba to share my raid array to all of my machines, so I have...Installed Ubuntu and created a single user: mattMounted my ext4 raid set with fstab:
Code:
UUID=78d85398-d179-4640-bb1b-f770ba90abb1 /media/Data ext4 defaults 0 0
Installed Samba (real Samba, I haven't touched the Nautilus-Share right-click thing):
[code]...
I can't get a program (wbar) to run directly from my user account, it fails saying "Image not found -> maybe using a relative path?". But if I run su -c "wbar", it shows up and manages to load the image. I think it has something to do with ImLib2 or whatever loads the image. I checked permissions on libImlib2.so.1 and it's world-readable and executable. Can libImlib2.a be causing this problem, set to 644? What else should I be checking?
View 2 Replies View RelatedI have a very strange problem.ometimes, yes sometimes not all the time, I get a Destination Host Unreachable when I ping a computer on my network. If I switch to root using su I can ping that same computer. Here is a screen shot:
joseph@laptop:~$ ping 192.168.1.14
PING 192.168.1.14 (192.168.1.14) 56(84) bytes of data.
From 192.168.1.9 icmp_seq=2 Destination Host Unreachable
[code]...
I have a really strange problem. I have a few files in a large directory that I want to make readable by everyone. So I try this:
sudo find readme* -not -perm -o+r -exec chmod +r {} ;
and get this:
sudo: unable to execute /usr/bin/find: Success
I don't know why it says Success, because the permissions were not changed. I verified by typing this:
find readme* -not -perm -o+r -exec ls -l {} ;
and get something like
-rw------- 1 root root 536871076 Nov 22 14:06 readme_20101122200429
-rw------- 1 root root 536871892 Nov 22 14:08 readme_20101122200642
-rw------- 1 root root 293458128 Nov 22 14:10 readme_20101122200859
as a last resort, I tried:
sudo chmod +r *
and got:
sudo: unable to execute /bin/chmod: Success
and again Success really means fail. So, I gave up and logged in as root and tried:
find readme* -not -perm -o+r -exec chmod +r {} ;
This time it worked. Why?
EDIT: /etc/sudoers looks like:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
##Me
user1 ALL=(ALL) ALL
I cannot find a post that matches this scenario...the id created during the install (from CD) of Karmic has fully usable sound. However, users created from the Users and Groups app do not.
I have made sure that all users are defined to the audio, pulse, pulse-audio, and pulse-rt groups. No luck.
I have followed every step I have read having to do with the alsamixer. No luck.
I have verified that alsa and linux itself are at the latest versions.
I recently bought a new wireless router (Cisco E1000) to use in my house. The E1000 supports mixed-mode 802.11n/g/b, which is what I have enabled. It is the first 802.11n router I've had. My netbook (an HP/Compaq Mini 110) only supports b/g. When connected to this new router, I can only see my status as root. NetworkManager shows a little red exclamation point, and 'iwconfig' shows nothing. It's missing in the 'iwlist scanning' list. Even still, I'm connected and can do everything just fine. However, everything shows up fine when I run 'sudo iwconfig' or 'sudo iwlist scanning'. These have always worked as a standard user before.
View 1 Replies View Relatedi'm running Ubuntu 10.04 server and want to turn on the pc-speaker warning-beep.I commented out the line in /etc/modprobe.d blacklist.conf:
#blacklist pcspkr
The beep is now working for root. But somehow it won't work if i log in as a normal user. (i don't know why, but if i install beep the beep-command works for all users...unfortunately beep seems not to make a warning sound in all cases so this is no solution for me)
I'm using fedora 12 and modified the user login options(normal and super user login). I've been using the accounts for a while but i've bumped into a problem - audio not working as a normal user but works when logged in as root. Also, i'm not able to use VLC as a root user.
View 1 Replies View RelatedI've added my public key to the remote machine's authorized_keys file, and I can ssh over without password. But when I try to mount the remote share using sshfs it -always- asks for my user's password. I have set sshd_config|PasswordAuthentication no
... and when I mount the share as root it says, "read: Connection reset by peer". My mount is being done as user, so it shouldn't be a root authentication problem:
sshfs#bill@droog://media/droogfuseuser,noauto,gid=6,umask=007,cache=no,ServerAliveInterval=15,reconnect,allow_other,comment=sshfs 0 0
I can't mount as user because /dev/fuse is not suid, and I'd rather not set it such.
I installed 9.04 clean yesterday to try and once again move from Windows to Linux and I thought I would give it a real try this time to learn the new OS. Well, right off the bat my wireless connection does not work. By default my WPA/WPK security was set on my router. My wireless adapter does connect to the router but there is no internet access. If I remove the WPA/WPK security and leave it open I can connect and I do have internet access but as soon as I re-enable WPA/WPK security I lose internet access. I even tried WEP security and same result. What the heck is going on with this? I am not going to leave my router unsecured but that seems to be the only way this works. I also upgraded this morning to 9.10 and same problem so this is not limited to 9.04.
View 4 Replies View RelatedI have a working LDAP-server (I belive!!) I want my laptops to authenticate against the server, when they logon. That works fine as long as the network is present. But I also want the users to be able to log on, when the network is down. When I go to a terminal (without network) I can su to another LDAP-user.I can login via graphical login-screen with the network attached, but not when it is disconnected.
In a terminal id john gives me information about the user john.
My conf. files looks like this:
/etc/ldap.conf
host 172.16.0.138:389
ldap_version 3
bind_policy soft
[Code]...
I know Ubuntu doesn't really become the receiving end of Virus and melware but IM one of those users that proves that there are virus out there for mac and Linux.Like a few years ago (back during 8.o5 Ubuntu i think i downloaded a hefty amount of software with out considering the recourse Thus I became the receiving end of a nasty Ubuntu target virus sucked and at the time it ruined my fun so i went back to the windows virus any ways I'M looking for a virus protector that works on Linux as I tend to be Very.. *ehem...* dumb when it comes to what not to download
so ya other then avg (i had that on windows virus and its awful)also could I get an idea of things NOT to download?
i have setup auto ssh login for my server. And it works, but only when i have a active connection. if i use "ssh server.com" it asks for my password. If i then open a new terminal and issue "ssh server.com" it logs right in. I really don*t understand whats wrong.
I have tried setting up 2 virtual machines on my local computer and with the same setup it works fine.
SOLVED: my home folder was encrypted, so when no users were logged in the home folder was unmounted
