Security :: Mounting Centralized NAS Server With NFS?

Mar 24, 2011

- we have a bunch of linux servers.

- lots of users work with linux Desktops. They use them as testing servers.

- All the infrastructure has the Authentication services linked by Quest Auth Services againts an AD. This gives us the option of logon scripts, startup scripts, and other things.

- One interesting option this Quest thing gives us is SUDO management. We can edit sudoers file by GPO politics.

- Now we are deploying a NAS server from Hitachi with cifs and NFS mapping capabilities.

- Servers are managed by IT, so nobody can go root except us.

- Desktop users will also mount the NFS shares so they will be able to work with real data and read their own data from servers.

- Desktop users can go sudo su.

- If desktop users go from root to another user, the NFS let them work as they where the other user.

I would like to keep them from swithching users, but only between AD users, they must be able to switch to apache user or postgres user.

View 4 Replies


ADVERTISEMENT

Security :: Centralized Authorized_keys (AuthorizedKeysFile) For Sshd

Mar 9, 2010

I have a RHEL server with users logging in via ssh. I want to start using public keys instead of passwords with ssh. But public key is as good as a rotten tomato if it is unpassphrased and I cannot guarantee that all users will use passphrases. Therefore I will generate both private and public key on the server and will distribute the private key to the user via user-friendly web interface and thats where I will force them to use passphrase. I know they can change later the passphrase or remove it totally but my users are not so advanced.

So now I am trying to setup a centralized authorized_keys file with to be able to make them only root writable so they cannot put their own public keys on the server , it will be handled by scripts. Now the actual problem. I created /etc/ssh/keys directory instead of ~/.ssh and changed AuthorizedKeysFile to /etc/ssh/keys/%u in sshd_config But when I try to connect with the key I get the following error in the logs (after enabling DEBUG3 in sshd_config)

<CUT>
Mar 8 15:22:28 stagesmpp sshd[12248]: debug3: mm_request_receive entering
Mar 8 15:22:29 stagesmpp sshd[22358]: debug2: channel 0: rcvd adjust 33544
Mar 8 15:22:30 stagesmpp sshd[12248]: debug3: monitor_read: checking request 20

[code]...

View 2 Replies View Related

Security :: Mounting FTP Server As /backup?

Jan 27, 2010

I want to be able to mount an ftp account to a local folder, I have set up a ftp server that is working fine, I have tested it with a few windows ftp clients and it works fine. I am trying to use CurlFtpFS to mount it to /backup as I know it is supported but am running into an error I cant get around. I have tested that my box can access the server using the ftp command, see below

Code:

root@Fileserver:/# ftp 192.168.1.254
Connected to 192.168.1.254.
220 (vsFTPd 2.0.6)

[code]....

but when I try to use CurlFtpFS I get a Error connecting to ftp: Access denied: 530" error, see below

Code:

root@Fileserver:/# curlftpfs ftp://192.168.1.254
Error connecting to ftp: Access denied: 530
root@Fileserver:/# curlftpfs ftpuser:ftpPa$$w0rd@192.168.1.254 /backup

[code]....

View 2 Replies View Related

Software :: Centralized Log Server With Web Gui?

Sep 24, 2010

I want to set up a centralized log server, and I have several requisites:

1. The ability to view multiple log files via a web interface or browser.

2. The server's ability to send e-mails to the administrators when a critical condition occurs within the log files.

The logcheck application seems like a good start. However, it does not have a web gui so I was wondering if anyone can recommend a program that either works with logcheck or has the above two requisites on its own.

View 2 Replies View Related

Server :: Centralized Management For Squid And Dansguardian?

Mar 18, 2011

I have around 9 squid proxy servers and going to deploy Dansguardian on all of them. But I feel managing individual copy/server would be an tedious job hence please let me know if any one aware of centralized management solution for Squid+Dansguardian? Or if not let me know if you are aware of any such other Open Source product.

View 1 Replies View Related

Server :: Run A Homeserver Here For Centralized Data Storage?

Oct 8, 2010

i want to run a homeserver here for centralized data storage and more...features required:

client compatibility with most Linux distributions, MS Windows 2000, XP, Vista, 7, XBOX!
harddisk shutdown if not in use (got some real noisy ones)
easy administration?! (maybe web-based?)
security! no files or folders over the internet (yet)

[code]....

View 1 Replies View Related

CentOS 5 Server :: Centralized Storage For Windows And Clients?

May 26, 2011

I have setup openldap and samba for authenticating Windows and Linux clients on my server. They are working fine. Windows users are getting authenticated through server as Primary Domain Controller and Linux clients directly from Openldap directory. But I have little problem that is I want to mount home folders created on server to be available on clients so clients get a centralized storage with some quota on both Linux and Windows clients. Can you help me please how can I do that.

View 3 Replies View Related

OpenSUSE Network :: Network Login Starter - Set Up A Server - Centralized Username And Password

Jan 21, 2010

I'm new to networks and servers, been using Linux on the desktop for a while now but always relied on the company's IT guy for setting up everyting LAN-based.

Now I want to build up my home LAN, and want to do it with Linux. I've managed to set up LAMP and file share servers.

What I am looking for is information on what I need, and how to set up a server for the following tasks:Centralized Username and Password, that when the user logs into any one of the desktops in the LAN, it uses this for authentication

Something that allows this authentication to be utilized in other servers (file access, web access, router logging, etc.). Something to make it easier for continuing permissions from one service to another. e.g. I have IPCop filtering content, and it has provisions for tracking who is making which request if there is authentication going on. (optionally) to run a script for mounting Samba shares or mapped network drives so from one system to the next. For example, in whatever box somebody logs in, it mounts a server share ("smb://Myserver/users/<username>") to a local folder ("my_user_share").

So;user "fred" ="smb://Myserver/users/fred" and user "wilma" = "smb://Myserver/users/wilma" but both would find their respective one mounted under "~/my_user_share". This would be irrespective of which box they are loggin in with. If the server share location changes (new server/servername), I change it on the server so the next time they log in it points to the right place.

I guess it is similar to Window's Active Directory, though I'm not sure what it's called, how to configure it and what it is and is not capable of doing.

View 2 Replies View Related

Security :: 10.04 Doesn't Ask For Password When Mounting?

May 15, 2010

when i would mount a drive (internal, external, ntfs) in 9.10 it would ask for the root password. now 10.04 doesn't do that. how can i go back to that scenario?

View 4 Replies View Related

Ubuntu Security :: How To Disable Drive Mounting

May 11, 2011

I wish to prevent a user account with sudo rights from mounting attached storage, i managed todo this with ubuntu Version 8 using gnome-polkit i think it was, however i'm not able todo this in 11.04 now , has anyone got a direction i can look in, i googled alot but my searches all come up with auto mounting or how to mount drives

View 1 Replies View Related

Security :: Disabling Networking And Mounting Capabilities?

May 31, 2011

I'd like to modify a linux distro, specifically Puppy, so that the drivers/mechanisms for mounting local HDDs and Networking is Disabled completely. A step further than simply disabling "auto-mounting" at boot time, I don't even want mounting to be possible (at least by default).Likewise, further than just disabling network devices, I'd like to remove the ability to use network devices. How are these "mounting" and "device drivers" mechanisms implemented, where are they, and what are my options?

View 14 Replies View Related

Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?

View 3 Replies View Related

Ubuntu Security :: Password While Mounting Disks In Lucid ?

May 9, 2010

In Ubuntu Lucid 10.04, when I click a disk in the left panel of Nautilus for the first time, the disks are getting mounted without asking a root password. This was not in the case for the previous versions of Ubuntu. how can I turn this feature on in Lucid.

View 9 Replies View Related

Ubuntu Security :: Different PWD For Login And Mounting Encrypted /home

Nov 13, 2010

I've just reinstalled my box with an encrypted home (used the encrypt home option when installing). I have a query in this regard - suppose I lose the box. Won't it be possible for someone to drop into root, reset my passwd and then access my /home. Is there anyway of having a different passwd for accessing /home? My ~ is on a different partition from /.

View 3 Replies View Related

Ubuntu Security :: Disallow Users Mounting NTFS Volumes?

Nov 13, 2010

I have a system, I want only my sudoer account to show and automount NTFS partitions under 'Places' in Ubuntu. Simply, they shall not have access to mount it. Only my main sudoer user account shall take advantage on this show-and-possibly-automount feature of GNOME, but not anyone else.

View 6 Replies View Related

General :: Is NIS Okay For A Centralized Working Environment

Jan 18, 2010

I am working for a web hosting company. We work in red hat linux environment and the employees at present are having their data stored in individual systems. We wish to have a centralized environment, so that users can log in to a server with their user names irrespective of the systems they will set. Also, this could facilitate easy backup. we have about 70 systems, 90% linux machines. The number will grow in future. I am good in NIS, but not at all with LDAP. Is it okay if I suggest NIS?

View 2 Replies View Related

Software :: Centralized Syslog In Solaris 10

Jun 21, 2011

I want to implement centralized syslog server for my linux servers in order to log successfull logging and failure loggings.But Still I coudnt get the authentication messages.

View 3 Replies View Related

Debian :: Internet And Firewall - Centralized System ?

Jul 17, 2010

We have a setup of around 10 computers with 1 linux server... We want to convert it into a centralized system where firewall services are activated from the linux server and certain websites are restricted from acess for the workstations.. Are there any good softwares for this.. open source preferably... I'm using debian already for the web server and file server already....

View 7 Replies View Related

OpenSUSE Network :: Centralized Address Book

Oct 14, 2010

I would like to build a centralized address book for my SOHO server. Is that possible without the use of openLDAP (I would like to avoid that)?My clients will be:Thunderbird, KMail (for KDE 3.5) and webmail.If so, do you have any suggestions/Howtos?

View 4 Replies View Related

Networking :: Centralized Authentication For Existing Network ?

Apr 29, 2010

This is what I have... An existing network with about 2 dozen Linux servers, varied distros, and about 3 dozen workstations, the vast majority of which are Windows XP pro, but there is one Windows Vista business, two Ubuntu, one Mac, and soon to be a Windows 7 pro. User accounts vary across all servers. There are 4 samba servers hosting different file shares.

This is what I need to do... I must centralize the user password database for all workstations if possible, if not, at least for all the windows workstations. I also need the user passwords for the samba file shares to be synchronized with those of the workstations. I need to have the workstation/file-share passwords expire every 90 days. I also must centralize the user passwords for all Linux Servers, but this can be done separately and I know there are tools like Kerberos available for this.

Is this possible to do with so many user accounts already existing in so many different places on the network, or would this "centralized authentication" require new user accounts to be created across the network?

If this is possible, what tools/services are the easiest and fastest to set this up with? As usual, I have an urgent deadline looming over me for this project and am trying as hard as I can to avoid the company slipping back into the realm of M$ or other proprietary software to accomplish this. Keep in mind, I don't need any additional services, such as roaming profiles, or anything like that. I really just need a centralized password database that can be referenced by Windows, and the Samba file shares.

View 4 Replies View Related

CentOS 5 :: Centralized Logins And Group Management?

Jul 23, 2009

I have to set up a box which can manage all the logins in our company and has the feature to manage every possible permission with as much comfort as possible. We are using Linux and AIX therefore my Boss is willing to switch from our Windows DC to a Linux DC. And here lies the problem, I don't really know what is needed to set the Box up to manage the Unix, Samba and LDAP accounts with one tool maybe?

I would like to know which Software exactly is needed and how to manage to get the thing to work together with a security aspect. I configured a Samba DC with LDAP, Kerberos and TLS but it looks like I overdid it because Kerberos is not able to manage the things we need in a manner that the other Admins in my Company would get things done in a short time.

Therefore I would like to get listed all the Software needed and maybe some How Tos how to get thing working, because I am losing my nerves on this matter.
In the last 3 weeks I have set up several test boxes but every time something doesn't work. My biggest Problem is to get Samba and LDAP to work together with TLS or another security scenario.

View 2 Replies View Related

Fedora Servers :: Samba And OpenLDAP Centralized Authentication

Aug 27, 2011

A time ago I've been trying to implement a PDC linux server with Samba and Openldap for centralized authentication for windows and linux clients, but I can NOT get it. So I read somewhere that there is another option called Directory Server and maybe that is possible to do. According to your experience do you recommend any 'how to' or 'tutorial' that will permit implement a PDC server for authenticating and sharing files and printers for windows and linux clients?

View 2 Replies View Related

Ubuntu Servers :: Syslogng Installation For Centralized Logging

Jan 29, 2010

I need to centralize the logging of several machine on one machine with syslog-ng.I'm currently using fail2ban for security enhancement and logwatch for log reports, which are based on file log on each machine. is it possible to keep local logging for fail2ban and logwatch (logwatch can be dropped, but not fail2ban). One other need is to move old logs to a ftp site for archiving, as in france we have to keep one year of logs.

Another thing I've seen, is that logging goes to a MySQL database instead of the filesystem which allow to have some nice feature as web frontend, search capabilities.how is it compatible with the ftp save?

View 7 Replies View Related

General :: Centralized Authentication Fedora/ubuntu/win7?

Jun 14, 2011

Is it possible/advisable to have centralized authentication across fedora 14, ubuntu 10.04, and win7 machines? I'm attempting to use 389 Directory Server on Fedora as the repository and not getting very far.

View 5 Replies View Related

Server :: Mounting A Storage Device Of Other Servers Using NFS On Another Server

Aug 2, 2011

Setup1: Two rack mounted servers with a common storage device serving as the home directories for users on the servers. The storage device is a gfs partition mounted on the servers as the home directory using SAS cables. These servers have RHEL 5.4 as the installed operating system.

Setup2: A standard tower server with Debian 6 as the operating system used for tape backups. This has a tape drive connected to it.

Question: How to mount the storage device of setup1 using NFS on the server in setup2.

View 1 Replies View Related

Ubuntu Servers :: Centralized Login And Remote Home Directories?

Feb 7, 2010

In my desire to learn, mess around and set up something useful on my home network, I'm looking for something that can do centralized login and remote home directories. When someone in my family logs in to a computer, windows or linux based, I want them to be able to use their credentials, then have their remote drive mounted and ready for use. I've looked over ldap solutions, attempted to set up an OpenLDAP server and realized I have no idea what was going on. Is an ldap implementation the proper way to go for my desired solution or am I barking up the wrong tree? I've just now set up OpenDS on a VM for testing but I need to do some research there.

View 7 Replies View Related

Ubuntu Servers :: LDAP - Centralized Log On Scheme Setup With 10 Computers

Aug 16, 2010

I'm trying to set up a centralized log-on scheme in a research lab with about 10 computers. It's looking like we're going with LDAP - this decision may be out of my control (but if there's an alternative that would be REALLY better, do let me know). My question is we don't really have a domain name, so when all the tutorials say cn=example,cn=com, I can't mimic this exactly. I've been trying to get away with just one, like cn=researchlab. Will LDAP work with just one, or do I need to invent a second also? On the flipside, will it work with more? Our server can be reached by
lab.department.school.edu, could I do cn=lab,cn=department,cn=school,cn=edu?

View 3 Replies View Related

General :: Centralized Location For Operating System Error Messages?

Jul 20, 2010

the thing that tends to draw out their frustrations the most are the error messages.

Things like "x.x not found, such and such can't continue" or "Unable to locate x.x", etc.

Well, of those people as I described above, a lot of them are fiercely independent people and would fix their own problems had they any idea what they were.

So, I had a thought that adding google or LQ.o search terms to the error messages, along with a link to the search feature, would be somewhat beneficial.

Perhaps with messages regarding missing files, then provide a link and message "To correct this issue, copy filename and submit it here -> url and download the package"

So I was wondering where I could find lots and lots of error message code.

View 3 Replies View Related

Networking :: Centralized Authentication For Windows Clients Using LDAP/SAMBA And LAM?

Dec 29, 2008

I have been able to accomplish my goal of creating an AD-like authentication using LDAP,SAMBA and LAM. From what I have seen you can have this type of setup but it doesn't allow the passing of group policies to the desktops of the users.

View 2 Replies View Related

Ubuntu Security :: Installing LAMP Server On Laptop - Security?

May 8, 2011

I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved