CentOS5.x We have a auto backup system that rsyncs all our vital data to a backup server over our network. The final step in this is to get the backup server to rsync with one of our remote sites for the off site backup. We have lately been visited by the boys from .ru and .ro due to good passwords we have managed to keep the visitor out of the network, we also changed out ssh port away from the default for better security.
We would like the backup system to be totally automatic, when I was reading up on the bruteforce attacks I read recommendations that we should have ssh that need passwords to be manually inserted for extra security. How secure is sharing NFS folders over the internet. we would configure only one host to have access to the share is this enough for us or should we think deeper here.
Was enjoying my new experiences until I tried to access/see my OpenSuse 11.4 install (Within VirtualBox on Windows 7)I can surf the net and download packages etc but from Windows 7 the Virtual OpenSuse7 does not show up.I know the windows network works because I also have Ubuntu10.4 on VirtualBox and that I can see and access fine.Change to OpenSuse and it all goes down the tubes, doesnt even show up in the Network on Winsows 7With Ubuntu I have etho setup to use DHCP automatically.I've tried numberous settings unsuccessfully on Suse and I think in the process have probably changed something incorrectly, but it didnt show up in Network places even before I started fiddling.Settings within Network Settings are:
1) Global options Network Setup method: Tradional with ifup IPv6 Protocol - Enabled
it's driving me nuts. Done a few things now, including this last: [URL]that didn't work. All the other comps in the house are windows 7, and I want this box to be my file server, with two 1 TB HDD plugged into it via USB, but I can't get the damn samba to allow access to everyone. Here's the path in the config file:
[data] comment = Test sharing path = /media/Shared
I have internet on my ubuntu machine (eth0) I am sharing with (eth1) My windows computers are getting IP addresses via DHCP from the Ubuntu Machine, and I can see (and use) samba/windows shares on all computers.Internet connection is not working on any of the windows computers. I have eth1 set to "shared to other computers" under the IPv4 settings
Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.
I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.
When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.
Conky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center IBM Internet Security Systems Symantec Threatcon McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those status's depending on the current value.The conky configuration allows for a semi-transparent background - though this is optional.Attached is an example image showing the 4 different colours.Also attached is an archive with the 4.sh files, .conkyrc and draw_bg.lua (from here http:[url].....
I run opensuse 11 at work. I'm trying to see the list of shares on a "server" that is running windows server 2000. If I try smb://server, it doesn't show any shares, but I can browse directly to it such as smb://server/share1. If I use smbclient, it returns the list of shares correctly. I guess I just don't understand why smbclient shows the list of shared folders, but nautilus cannot.
I am working as a Linux administrator in a very small data centre with 5 servers with following routine tasks.
1. Managing SAMBA shares and giving user specific access for the shares. 2. Scheduling backup of some mount points with rsycn to store data in remote hard disk 3. User and group administration, with sudo access. 4. Creating and Managing Xen Virtual machines and giving access to other project teams. 5. Automating some tasks with Shell Scripting. 6. Managing FTP server for user uploads.
I have practiced a lot in my home laptop without RHEL training, Cleared RHCE and LPIC1. I want to do some advanced system admin tasks, but do not have option in my current data centre. With Above skills is it possible to get a job ?
Do you know guys are there any good reliable Internet security or Anti virus software for ubuntu OS? Don't tell me linux is virus free os. I have dual boot PC so i want some security suite for that?
Does anybody know if there is a quick and easy way to simply disable samba security to avoid "Access Denied" errors when trying to access shares via Windows XP?
I chose not to use a security key upon installation to access he net but now wish to change this.I do not understand the help section.It has a login key but I don't understand how it works or how to edit or see what the command for it is
I am giving 10.04RC a try instead of Windows 7, so far so good. I can connect to my network shares fine using "Connect to a Server" & bookmark with the file browser, however when I use OpenOffice writer Spreadsheet to open/save files the shares disappear in the"Open/Places". Is this a bug in Ubuntu or Open Office? Is there an update/fix?
I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
Today I noticed my Desktop was being controlled remotely from over the Internet even though I had it set for 'local network only'. Foolishly I relied on this setting and hadn't specified a password or other security. The remote user had opened my Firefox passwords page and was perusing this when I pulled the plug.
All external checks confirmed that my router/firewall is actively blocking correctly. How could this happen? How can I prevent this in the future? I had recently install the Firefox extension for Weave Sync and wonder if that had anything to do with it?
I administer a desktop computer with ubuntu 8.04 in an university library. Since it works almost all night, to enable students to study, after some time I noticed some misuses of the computer during the evening, when there isn't many students. My goal was to disable users from accessing internet from 7pm to 7am, but also enable it if certain user was logged in (I use that user for torrent, and I seed on that computers from time to time). So I created a script that's being called by root's crontab, and here is the script's code:
Code: #!/bin/bash NUM=`who|grep myuser|wc -l` #echo $NUM if [ $NUM -le 0 ]; then /sbin/ifconfig eth0 down else /sbin/ifconfig eth0 up fi
Since I created the script, I actually never seeded anything, so I'm wondering now if that's going to work at all, and (also) is there a better solution for this.
I was hoping to set up a Kubuntu 10.04 Chroot on a PC with no internet access (I only have dialup anyway, not Broadband). All the information I have been able to find refers to downloading debootstrap in order to do this.I purchased a set of DVDs with all of the Ubuntu packages on them and created a single repository of them on my harddrive.Is there some way that I can create the Chroot using the packages on my hard drive without having to access the internet to download stuff as I do it?
I use vpntunnel.se and followed their tutorial for OpenVPN and it connects and assigns an IP. However, once the sequence is initiated and I open my browser I cannot connect to a webpage and get a "cannot resolve" error. I e-mailed their support and they suggested I change the DNS of my network settings. I did that but the same problem. Once I close OpenVPN my internet works again. It works in windows, so I know it is not my router...I use a wireless connection with my router. I don't know if this has something to do with anything...
I typed this into the command line:sudo iptables -A INPUT -p tcp --dport 80 -m time --timestart 12:00:00 --timestop 23:59:59 --days Sat, Sun -j ACCEPTI get this error:iptables v1.4.4: unknown option '--days'How do I do something similar above in which I allow the internet to start at 12 o clock on Saturdays and Sundays
I was wondering if there is any way in Linux in general and Fedora 13 in particular to configure system so that any service that needs access to internet will have to ask for password/permission to do so. So that I can
are there any programs that will protect my computer on the Internet. Just started using fed 10 from windows so i am not sure what i need to do. I am using an acer aspire 5630 laptop.
I have several Proxy severs set up at our business. I always do the same basic config, except for my version of Fedora (I always grab the newest).
I put 2 nics in a machine Load Squid, Dansguardian and Firestarter. I use Firestarter to direct the surfing traffic from my LAN out a cable modem that I have for each store. This lessons the bandwidth on the T1.
Easy enough. My problem is Firestarter has always been a little flaky. But as of F11 the gui wont stay up for more than a few minutes at a time. It still functions, but you have to be quick if your going to use it because it will inevitable crash.
So I suppose it's time to start doing this the correct way and using IP Tables. Does anybody have a resource they can point me to that will help me understand how to do this? It looks like this might be as simple as setting it up with the GUI Firewall tool that comes with F12 but I'm still not exactly sure how.
These files seem to contain browsing history: ~/.mozilla/firefox/xxxxx.default/cookies.sqlite ~/.mozilla/firefox/xxxxx.default/formhistory.sqlite ~/.mozilla/firefox/xxxxx.default/downloads.sqlite ~/.mozilla/firefox/xxxxx.default/places.sqlite ~/.mozilla/firefox/xxxxx.default/places.sqlite-journal ~/.mozilla/firefox/xxxxx.default/Cache/
Therefore I have cleared these files using an erasing program. I am wondering if there are other locations where such log files are stored for Internet browsing. I have looked in the /var/log directory and cannot see anything - for example doing a grep on http:// after browsing in Firefox does not reveal anything obvious.
Is there a way to create a guest account and have Ubuntu "automagically" limit the amount of time the user can access the Internet? So, for example, could she set up an account for her son and limit his Internet access to an hour at a time?
What's with todays updates? Webkit librarys and Firefox updates. Was there a security issue that's just recently been fixed? Just wondering, I'm obviously going to install them.
I am running ubuntu 10.10. I recently enabled the firewall and installed Firestarter to configure it. Bad decision apparently. I can't connect to the internet using Firefox unless I first stop the firewall using Firestarter. After I do that, Firefox connects to the internet just fine.
If I uninstall Firestarter, will the ubuntu firewall function as it did originally, before I configured it? Or will it continue to function the way it does right now, which doesn't allow me to connect to the internet?
i installed many security programs as a switching from windows guy and decided to get rid of them last night. I uninstalledgufw, clamav(and all based packages), firestarterusing synapticbefore i rebooted the system the internet was well and working. but after i rebooted i had no internet access;firefox couldn't retrieve, update manager and apt-get couldn't connect.the computer knows it's connected to the router i see the connection established sign but I can't even connect to the router by typing "192.168.2.1".the computer can ping itself(127.0.0.1) but can't ping itself in the network (the dhcp address is 192.168.2.3) and replies "operation denied" or something like that.I rebooted using live-cd and connected with no problems; the my internet connection is fineany thoughts will be appreciated P.S.: I did a fast check on the forums and couldn't find anything related; i didn't check thoroughly though.
I'm running Natty and have made two logins on the system. One for myself and family and one for the kids (teens 14-15yr) to play in without Internet access via Admin "Users and Groups". I have hidden the Internet software icons on their screen amongst others i don't want them to see on the menus. On our screen I use a Firefox addon called "Web Of Trust" that can be configured easily for the kids and another addon called 'Blocksite' that I can selectively use for them and myself etc.
I have found out that they have still been able to get on to the net somehow under their login. Will have to observe again!! In the users settings for the kids the tick box for 'Internet'and 'use modem' access is un-ticked so I presumed that would be enough! Not so!!
