Security :: In Search Of Fundamentals Of Hardening (Kubuntu System)
Mar 22, 2011
When I google this I get a million results, most of which are either too in-depth to be practical or advertisements for one solution or another. Is there a general guideline for hardening a linux (kubuntu) system? A set of steps say, to close all ports and disable all listening services like you would do to a windows machine? I can hardly believe that there are NO vulnerable points of attack on a default kubuntu 10.10 install. I don't know very much right now so I'm looking for something to fill in the gaps and translate my knowledge of windows (in)security into a holistic view of how the penguin operates.
View 5 Replies
ADVERTISEMENT
Jan 20, 2011
Which is the best remote linux hardening GUI tool.Is it possible to use that tool from windows system?
View 8 Replies
View Related
Jul 16, 2010
I just ponder can anybody shed some light to me how to manually disable service such as FTP,SSH,etc in which Bastille is doing.If all the services can be manually disable,which mean Bastille is just a tool to help newbies like me to use it.
View 9 Replies
View Related
Aug 14, 2010
I have a VPS (Ubuntu 8.04 server eition) and as such am stuck with using a software firewall.
i currently have UFW installed.
I would ideally like to have my firewall be a little rude, or rather just not polite. I know what i am asking will break the RFC, but i consider this ok due to the security benefits.
I would like to have my firewall
1) ignore (eg drop without responding)all packets that dont start with a syn flag
2)for all other traffic that is currently blocked, have it dropped (again drop it without responding)
If there are any other rules you can think of i would like to know them. I already have only the services i want open and the rest blocked.
View 7 Replies
View Related
Sep 1, 2010
I use my desktop (VM) for online transactions only (it has no other purpose) & have removed most software. In adidtion want to remove Archive Manager, Calculator, Multimedia systems selector, Printing, sound recorder, Terminal (gnome-terminal), terminal server client, Ubuntu One. When I attempt to remove the listed software, I receive a waring message "no future desktop updates will include if you remove this". I want to know if this will impact the updates for Firefox as this is the only app I need. Can you please advise on any other consequences if I proceed with the above?
View 2 Replies
View Related
Mar 27, 2010
I'd like to limit ps aux command outputs to current user only(the one, who invoked "ps". I've recently saw this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33, I wanted to know how to make that. Any advice? Googling around wasn't too successful, perhaps I don't know how to query that, recently tried with "limit ps outputs" "ps aux current user", etc... had no luck.
View 2 Replies
View Related
May 31, 2011
So I was following the majority of this guideand sometime last night my computer went awry. First all my icons went blank, and I was unable to open anything. I had to reboot, and upon trying to log back in as a user I got an error /bin/bash: Command not found. I tried removing the user completely and starting from scratch but I am unable to remove the /home/user/.bash_history file. I even tried with root. I'm at a complete loss, confused. I know I did have to chomd 644 the entire /etc directory because I was getting some permission errors there.
View 11 Replies
View Related
Nov 24, 2010
What are best freeware tools available for benchmarking and hardening of the Linux Server?
View 8 Replies
View Related
Nov 17, 2010
I run a compute cluster with only a few users. Occasionally a user will accidently run a job on the master node that runs out RAM/swaps then hanges up for a while.In /etc/security/limits.conf I have set memlock to 7.5GB (master has 8GB RAM) and maybe that is what lets the machine come back rather than hanging completely? Is this the right setting to physocally limit a single user from asking for more RAM than the system has and bringing down the system? Should I set this to 2GB or so or is there something else I can do??
View 4 Replies
View Related
Mar 16, 2011
I use Ubuntu, DSL, Puppy Linux, and PCLinuxOS. I bought the CD's and, not for the price by any means, wish to learn the ABC's of downloading - just to know how.
View 2 Replies
View Related
Apr 30, 2010
I've been looking for an aptitude command to search for security updates. This information is being shown when running the screen. So far I reached to this command: aptitude search '~S ~VCANDIDATE ~Asecurity ~U' It looks like producing the correct results, but I still don't quite understand the how the filter (~S) command works.
View 3 Replies
View Related
Jan 24, 2011
I'm looking for a script that can look for illegal scripts/services that are being run on OpenVZ VPS from the host node. Things like IRC, EggDrop, Brute Force scripts and such.
View 7 Replies
View Related
Feb 21, 2011
After discovering that the firewall was wide open I decided to finally study the iptables docs and learn how to add rules. Now, I've not yet finished reading guides and documentation but I'd like some advice before I set the default policy on the input chain to deny. I have added a permissive rule for the loopback adapter so that programs that use it do not become mute suddenly. I will also use netstat to see what ports to open for each program that connects to the internet. I'm not that interested in what ports to open but how to find what ports to open.
View 3 Replies
View Related
Feb 21, 2010
I'm using kubuntu-9.10-desktop-amd64.iso live (booted via grub2 loopback directly from iso on hd, in case that makes a difference). Processor is a E2180 which according to the Intel website supports the NX bit. I've enabled the option "Execute Bit Support" in the BIOS. /proc/cpuinfo shows both nx and pae in both flags lines. But dmesg says "Using x86 segment limits to approximate NX protection".
View 2 Replies
View Related
Jan 10, 2011
I am trying to install a proxy on my Kubuntu 10.10, since I live in a country that blocks access to almost everything. I tried to install squid, anon, socks.. both with command-line and KPackageKit, but every time, I have this error message:
[code]...
View 6 Replies
View Related
Dec 31, 2010
I have totally exhausted my search to find IPBlock. I use it on my other Ubuntu machines but for some strange reason I cannot find it anywhere for my Ubuntu 10.10 Maverick. I know where the iplist is but not the actual file IPBlock download
View 2 Replies
View Related
Jan 27, 2011
i have openssh on my box with kubuntu 10.10, i didn't install it and would like to know it's purpose being on here
View 4 Replies
View Related
Dec 7, 2010
Most of our machines have public facing and backend mgmt private nics(ie: 192 or 172 networks). I wrote a rule that matches source ip(our monitor on a 192 network) on udp 161 accept. I want to prevent listening on that port on the public. Is the source rule sufficient or should I match the interface and then source? I know there a many ways to do this. I need to verify from the public network with a port scanner?
View 2 Replies
View Related
Jan 18, 2010
I want to reload an application but rpmdrake won't remove the old one. When I go to reinstall it, it just reconnects the link with the same configurations that I don't want.I can't find the file in the package stats either. The search feature on my distro seems useless in comparison to a proprietor systems that I'm used to. Is there another search application that can be installed.
View 4 Replies
View Related
Jun 25, 2011
Well I'm kinda a paranoid person, and got bored and ran a port scan from 0 to 500000 and turned up some interesting results, I was wondering how I find the programs tied to each open port. Its my computer and I'd like to very well know what programs are needing these ports and for what usage.
View 7 Replies
View Related
Jan 22, 2011
I'have already installed OpensSuse 11.3.It's the first time for me in Linux and I don't know how to search in Yeast2 the properly files to add to the System.
View 2 Replies
View Related
Jan 25, 2011
I have installed java-6-sun on my Ubuntu 9.10 and now I wanna change the default system JVM search order. Based on the following instruction I should modify my /etc/jvm.
But there is no jvm in my Ubuntu, all I have is jvm.* which "*" refers to ".h" or other suffix. There is no "jvm" alone in my Ubuntu in order to do what the following says.
Setup the default Java version
Ubuntu Linux comes with update-java-alternatives utility to updates all alternatives
belonging to one runtime or development kit for the Java language. To select, Sun's JVM as provided in Ubuntu 7.10, enter:
$ sudo update-java-alternatives -s java-6-sun
You also need to edit a file called /etc/jvm This file defines the default system JVM search order. Each JVM should list their JAVA_HOME compatible directory in this file. The default system JVM is the first one available from top to bottom. Open /etc/jvm
$ sudo vi /etc/jvm
Make sure /usr/lib/jvm/java-6-sun is added to the top of JVM list
/usr/lib/jvm/java-6-sun
View 2 Replies
View Related
Nov 26, 2010
I have Ubuntu 10.4 on one system and I like it very well for having it just a short time. I have installed Kubuntu 10.4 last night on a older system and so far I am having problems learning the OS. I think its just learning the KDE. Anyway my system has a 850 mhz processor, 765 ram and 128 mb GeForce 5200 graphics card. Just would like to confirm my system would run it suffecient or I should go with something lighter. So far I seem to like Ubuntus Gnome much better but am willing to give KDE some time.
View 3 Replies
View Related
Dec 28, 2009
As I type this, I'm waiting (and waiting) (and waiting) for the Repair Tool Box, "Search For Lost Partitions" tool to stop running off of the install CD. I didn't actually mean to do that (I meant to select "repair file system!) and I don't see any way to abort it! How to I make it stop? (You can insert your best Deanna Troi voice there, if you like: "make it STOP!") Or do I just wait until sometime next week for this rascal to finish examining a THREE HUNDRED GIG partition, byte by byte . .. ?
View 3 Replies
View Related
Apr 13, 2011
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
View 5 Replies
View Related
Apr 30, 2010
But I feel like I should warn everyone that upgrading (with PackageKit) a Kubuntu 9.10 (64-bit) to Kubuntu 10.04 LTS, completely breaks the system and makes most everything useless ... In my case it found errors in the upgrading process, and also the bug rapport tools didn't work My 9.10 was only a few weeks old and I have done nothing unusual with the system. (My computer is a Compaq 615 laptop). If there are solutions to repair the system, then I would like 2 know.
View 3 Replies
View Related
Jul 25, 2010
I'm building a new system, and yesterday I tried to install kubuntu, but could only get it running using the nolapic option (noapic is not nescessary, and noapic without nolapic won't work). Now I have the system installed but can only get it running using nolapic and therefore without SMP (which is a no go for most people, including me).
When I try to boot without nolapic, the system goes just fine through loading the kernel and kubuntu (that is, until the end of kubuntu's loading screen), but when it's done with loading it displays the login screen and freezes completely. No input or activity whatsoever. Sysrq keys seem not to work either.
I've searched for similar problems but had little luck so far. I'm using a ga-p55m-ud2 mobo, core i3 530 (2 cores with HT) and an HD5770 (if this is relevant at all). I was hoping some of you experienced users could suggest some kind of workaround to the problem (maybe the kernel is configuring the lapics towards a lockup?) or instruct me as to how could I know what the system was doing right before stopping, in order to locate more specifically what's the problem.
I've never used linux as my main operating system (trying to migrate to it now), but I have some notion of it, even though I don't quite know how everything works, so I might not be familiar with some commands or parts of the system operation.
View 1 Replies
View Related
Jul 26, 2010
I just upgraded my old Kubuntu 8.(something)to the new 10.04
After upgrading, i cant find the system menu(The one usualy located down
to the left)
Also having a problem with my desktop resolution, its maxed at 800x640
according to xrandr, tried adding some lines as SU in command line with
xrandr, only get the message, cant find vga1.
My computer is a sony vaio FZ-260e
Its nvidia 8400gt(m) display adapter, and according to adept the
Nvidia drivers should be installed.
View 1 Replies
View Related
Aug 25, 2010
Is there a way to to check if the system has the available security updates installed? Specifically, I am looking to do this programmatically.
View 1 Replies
View Related
Apr 5, 2011
i guess this is an installation issue as i am newish to Linux and got a F14 laptop from a used/refurb store... Anyway it seem i have difficulty with getting GTK running or maybe it is WGET...?
i did manage to install apt-get and was able to run synaptics ... but now whenever i try to run synaptics it flashes the interface and crashes. i tried apt-get search wget and it says invalid operation search. i tried apt cache wget and get a crash box in the upper right corner... i tried apt-get gtk+extra-2.1.2-4.fc14 and it says invalid operation gtk...
All of which is frustrating my attempts to get the GTK interface to J working. Their script uses WGET which i also cannot get.
View 6 Replies
View Related
