I have been learning Linux for the past few months and just recently started with Bash programming. Using scripts it is possible to find users with duplicate UIDs but is there any way or script why which duplicate UIDs can be prevented altogether.
View 7 RepliesI was wondering if anyone knew about fdupes? What I would like to do is to delete duplicate copies of files that are not needed from my whole system.
View 8 Replies View RelatedI am trying to mount cifs through fstab but it is not working. I have an Ubuntu samba server and a Kubuntu client. The share from the server is one dir with subdirs having different permissions and owners/groups. When I do AS ROOT:
Code:
smbmount //192.168.0.254/share /media/maps/share -o username=toshko%pass
the output of the "mount" command is as follows:
Code:
//192.168.0.254/share on /media/maps/share type cifs (rw,mand)
The result is messed up owners with different uids and groups:
[Code]...
I am new to Fedora 10, and to SELinux too.
I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.
Windows have many firewalls to prevent the system. But Ubuntu have few. Why is it so? Is it not needed to prevent Ubuntu or if it is prevented?
View 5 Replies View Relatedrecently my Apache server crashes very often; by watching the error log,I've notice several signs of intrusion.So, I think the problem can be a denial of service attack against my machine.My distribution is Debian Lenny.
View 2 Replies View Relatedhow to prevent same user from ssh to multiple linux server at a same time , anyone of you have the script or how to do that ?
View 16 Replies View RelatedI just made a script to read out /dev/input/event3 into a file (My keyboard is identified here [ Machine is a laptop which runs on slax-atma distro ]). Then used a hexdump to convert the binary into hex. After that used a gwak script to print out the keys corresponding to each keyboard input. So now when I put this in my rc.local , It is taking down all the keys I press. Including login passwords (In short, each and every keys I press).Isn't this a big security risk, because intruder who has a physical access to my machine or has root password can put this file in rc.local and run a script to mail him all the details like my passwords, account and PIN numbers.
View 14 Replies View Relatedhow to prevent the execution of the following commands or how to set a policy or rule that prevents the execution of the following malicious commands
dd if=/dev/zero of=/dev/sda
rm -rf /
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies View RelatedI'm doing a research to protect my pc from physical access. What I'm facing here is that my company created a program for fedora 8 and plans to sell the unit away. We created a function where you can configure the program using any web browser from a network so we do not want anybody to have access to the fedora except for out personnel.
Based on my research, I've found [URL] this guide to protect people from accessing grub and single user. I am currently researching on preventing others to clone the harddisk. I would like to know if there are any other methods to prevent people from unauthorized access to fedora.
I have installed MoBlock as instructed here: [URL]
After installation I created my own list file in /etc/blockcontrol/custom-blocklist.p2p and have the following uncommented at the bottom of /etc/blockcontrol/blocklists.list:
Code:
locallist /etc/blockcontrol/custom-blocklist.p2p
The list contains the following 2 entries:
Code:
Yahoo:98.137.149.56
Google:74.125.47.147
When I do:
[Code].....
Recently I just noticed that the locallist rules seem to have no effect. I will always get "destination port unreachable" even if the locallist entry in blocklists.list is commented out.
However, whenever I try to browse to that IP, even when blockcontrol is on, even by typing the IP into Konqueror (not the domain name), it lets me go there every time. How can I know that my other applications will not to do the same thing? How can I lock this down and test it empirically to be sure?
I'm writing here because it's mainly a security issue even though it's rather kernel related.
I'm compiling my own vanilla kernel with an initramfs included in the bzImage. That image contains encryption keys for the rest of the system. Even though it's not for everybody the initramfs image can be extracted from the kernel, decompressed and the keys extracted.
I'm looking on a way to prevent this.
How do I prevent/disable a file from being copied?
I would want someone to be able to see the content of a directory, then open the relevant document, but just for viewing purpose. They cannot copy the file, either through copy + paste or File/Save As.
Is that possible under Ubuntu?
I am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
This is an excerpt from the Linux man page for mktemp command: "mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition. It creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."
- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?
I've a Linux box with few users (with shell). I would like to prevent normal users see all the processes running on the box. How can I implement this?
View 1 Replies View Relatedi set up a ubuntu server (10.04) with LDAP, Kerberos and NFS4. Did a set up for a client (ubuntu desktop 10.04 32 / 64) to connect to ldap, kerberos and nfs4-mount. All is working fine except of the idmapping. Some uids are not mapped to names. the entrys, which cannot be mapped, change. so 10 minutes before the uid was mapped to the correct name, after that time (i'm not sure if it's exactly 10 minutes) the name is mapped to nobody. sometimes the gid cannot be mapped too.I mount the nfs-share via nfs4 with sec=krb5 (krb5i or krb5p result in the same problem) and after successfully mounting the device, i type ls -la. i never have problems with getent passwd or with logging in as ldap-user. i get all the entries of the ldap-db and i also get kerberos tickets. All is working fine with nfs3, but i would like to use nfs4 for security-reasons.
if i run the rpc.idmapd with many "-v" i get the following messages in the daemon.log-file:
Code:
....
rpc.idmapd[15953]: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd[15953]: nss_getpwnam: name 'test@DOMAIN.TEST' domain 'DOMAIN.TEST': resulting localname 'test'
rpc.idmapd[15953]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
code....
the first part is the response to a correct name-to-uid-mapping the second part is a failed one. both user exist, both users have the same ldap-entries (except of the different descriptions, uid and so on). the responses have the same timestamp, so the reply is in (nearly) the same second.
restarting the idmap-daemon every 5 minutes or other workarounds are not practicable in normal operating environment.
I want to prevent users changing the wallpaper, as i couldn't found any direct method I thought of preventing the /usr/bin/gnome-appearance-properties being running,
I know that the user also can set the wallpaper without running that . But didn't found any other way .
I tried to use SELinux to it and I'm stuck at writing a own policy.
According to SELinux, it prevents everything ., but as i have mapped the user to a SElinux user ,even though he can use administrative tasks , he can run the appearance window. that means he has got the permission from a different policy , Currently I'm stuck at this place.
Suitable way to prevent the wallpaper being changed by the normal users.
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
The ability to manually boot using the Grub command-line constitutes a big security risk in Linux, IMO.Any OS can be booted in this manner from a PXE-LAN, USB, or CD/DVD drive, circumventing BIOS-imposed boot restrictions. (Once a foreign OS is booted, of course, it can be used to access any part of an unencrypted hard drive.) Placing passwords or locking menu items (in the Grub configuration files) does not prevent a user from booting manually using commands entered at the grub command-line.
As it stands now, when presented with the Grub menu (or after bringing up a hidden Grub menu with the "ESC" key), a user only needs to hit "c" to enter the Grub command-line mode to facilitate any type of bootup whatsoever. (They can then enter manually the Grub commands to boot an OS on any device.) This is extremely insecure and allows any passerby to boot the computer with a few keystrokes and a bootable USB drive. How do I configure Grub so that it will require a password in order to enter the command-line mode (and thereby restrict boot options to the menu, which can then be password protected/locked) ?
I have a batch job which logs in to the server every 10 minutes via windows rsh. The job checks to see is there are any files that need to be send via a EDI serverto a supplier.The following logwatch report is swamped with the login messages and would like to either suppress the logging in PAM? or suppress the entry in the logwatch report?But I still want logging id the username is not username1.Connections (secure-log) Begin rshd[1754]: pam_rhosts_auth(rsh:auth): allowed to username1@10.0.0.1 as myedi
View 2 Replies View Related'readonly HISTFILE'
but the user could tamper with the histfile itself. Like:
rm -f $HISTFILE;
rm -f $HISTFILE; mkdir $HISTFILE;
rm -f $HISTFILE; ln -s /dev/null $HISTFILE;
I'm experimenting with PROMPT_COMMAND to execute a command each time the user executes a command and so log it somewhere else.This post was pruned from the 2009 Is there a way to prevent users from changing or unset their HISTFILE variable? thread. Please do not resurrect old threads but instead create your own (and maybe provide a link to the old one).
After install glibc-2.10.1-4 (x86_64) package, i couldn't run the qemu-kvm anymore.
SELinux is preventing qemu-kvm (svirt_t) "setrlimit" svirt_t.
SELinux prevented pt_chown from using the terminal 0.
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies View RelatedI was searching around and I stumbled upon a Linux Kernelix Sockets Local Denial of Service exploit.I downloaded the exploit, compiled it ran it to check if I am vulnerable.As I was expecting, the exploit instantly "killed" my Maverick system and I had to use the power button to reset my computer...Is there any way to limit the numberof allowed open sockets?I don't think that this can be done using /etc/security/limits.conf in a similar way of preventing the fork bombs
View 1 Replies View RelatedI'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.
View 2 Replies View RelatedSo I am basically just curious about this, but is there a way to prevent fork bombs from bringing the system to grinding halt in Ubuntu, without setting hard limits on the resources available to users? I read about fork bombs on Wikipedia, and being the masochist I am (and not having any unsaved work), I tried entering those 13 characters into terminal. Wow. I have never seen a computer freeze up so fast.What really peaked my curiosity is that the same fork bomb has almost no effect on the performance of Mac OSX (10.6). I know that one can limit the availability of resources to specific users. Is that essentially what Snow Leopard is doing?
View 9 Replies View RelatedHas anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
View 9 Replies View Related