Security :: Password For Services To Access Internet?
Nov 6, 2010
I was wondering if there is any way in Linux in general and Fedora 13 in particular to configure system so that any service that needs access to internet will have to ask for password/permission to do so. So that I can
I have a dual boot machine and recently did a fresh install of 10.4. It no longer asks for a password to access the Windows partition and I full access to it. This seems insecure to me and was wondering if someone else came across this. I thought I saw this topic discussed before but I can not seem to find it now. Is this a bug or a new unpleasant feature?I don't think it makes a difference but I do have a separate encrypted home partition on this fresh install. I have also done two fresh installs. (Well three...once testing out KDE but didn't try the Win partition. )
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
My computer is recently asking for my 'default keyring password'to get access to the internet. It never used to do this as I am single user and never created a keyring password as far as I know. I dont even use a login password.Luckily i tried my administrator password and that unlocks my keyring but I would like to get it back to no password or auto unlock mode.
running Ubuntu 10.10 and mozilla and seamonkey... Tried to access a website: [URL] and got the error: The page cannot be displayed You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed. Please try the following: Contact the Web site administrator if you believe this directory should allow execute access. HTTP Error 403.1 - Forbidden: Execute access is denied. Internet Information Services (IIS)
i installed many security programs as a switching from windows guy and decided to get rid of them last night. I uninstalledgufw, clamav(and all based packages), firestarterusing synapticbefore i rebooted the system the internet was well and working. but after i rebooted i had no internet access;firefox couldn't retrieve, update manager and apt-get couldn't connect.the computer knows it's connected to the router i see the connection established sign but I can't even connect to the router by typing "192.168.2.1".the computer can ping itself(127.0.0.1) but can't ping itself in the network (the dhcp address is 192.168.2.3) and replies "operation denied" or something like that.I rebooted using live-cd and connected with no problems; the my internet connection is fineany thoughts will be appreciated P.S.: I did a fast check on the forums and couldn't find anything related; i didn't check thoroughly though.
I'm running Natty and have made two logins on the system. One for myself and family and one for the kids (teens 14-15yr) to play in without Internet access via Admin "Users and Groups". I have hidden the Internet software icons on their screen amongst others i don't want them to see on the menus. On our screen I use a Firefox addon called "Web Of Trust" that can be configured easily for the kids and another addon called 'Blocksite' that I can selectively use for them and myself etc.
I have found out that they have still been able to get on to the net somehow under their login. Will have to observe again!! In the users settings for the kids the tick box for 'Internet'and 'use modem' access is un-ticked so I presumed that would be enough! Not so!!
To start off I do not have the ability to post in the Networking/Wireless thread. I attend DeVry university and in my school they recently rolled out "Bluesocket." Now that they have done this I am not able to access the internet utilizing my ubuntu laptop.I am able to connect to the network. When I open my web browser I am redirected to the "bluesocket" login page where I am able to successfully log in. The next step to accessing DeVry's internet service is to allow Bluesocket to do a scan using a Java applet. That scan is successful.
The results of the scan inform me that I am not being allowed to access the network resources because I don't have an antivirus or firewall program installed on my computer. I do not wish to have an antivirus or firewall program installed on my laptop to utilize DeVry's network resources. My question is what steps do I need to take to bypass/trick bluesocket?
There is this active connection in firestarter: ec2-174-129-193-12.compute-1.amazonaws.com (Port 443 - Service HTTPS - program python)After doing ps aux | grep PID it shows: /usr/bin/python /usr/lib/ubuntuone-client/ubuntuone-syncdaemon...This comes up in the firewall in each login, how do I get rid of it and how did it get there in the first place? Another question is if there is a way to limit a program's access to the internet. For example KCalender.. The things I type up in there may be stored somewhere. How can I disable complete access to the internet for that program and any other program so they can't backup, share, check etc. ?
I am trying to configure my Linux router to restrict Internet access for one computer on my LAN. It needs to be restrictive based on the time of day and the days of the week. I am using the MAC address of the computer to single out the one computer that needs to be blocked. However, this is my first attempt at making any rules with iptables, and I am not sure if I am doing this right. If some one can take a look at this I would greatly appreciate it. This is what I have done so far.
Here is my thinking. Create a new target. Check the MAC address, if it is NOT the offending computer return to the default chain. If it is the offending computer check that we are between the allowed hours and dates and ACCEPT. If we are not within the time/date range then drop the packet.
Here I am trying to route all packets regardless of the computer on the LAN into the blocked_access chain for checking.
Is it a good idea to route all traffic through the blocked_access chain? I do run other servers that are accessible from the Internet, so I am not sure how this setup will affect that. I also use shorewall on the router to setup iptables for me. How would I integrate this with shorewall?
I am using squid to block access when he is using the web browser. However, he is still able to play games(World of Warcraft) and the like.
I am using Debian sid, iptable(1.4.6), shorewall(4.4.6), kernel 2.6.32-trunk-686.
I have a NIS server and a web server as a client. I have a regular linux user (without root privileges) "techsupport1" on NIS server. On the client web server, I have root user, and my clients. Now what I want to achieve is, allow my user "techsupport1" to access the web server, but instead of logging in using root user, I'd like the client to use username "techsupport1", but in the same time, give that user root privileges on the web server (client). The reason, is that I have more than one user who need to manage the web server (client), so I want to be able to clearly see in the bash_history, who has been running what commands. right now, when I login as a techsupport user to the web server (client) from my NIS server
I don't have root privileges, also my gid is matching to gid of a customer who has the same 517 on the web server. How can I configure, so when a tech support agent 1, logs in to web server, NIS grants root privileges, but keeps the techsupport username?
I have got a RHEL 5.6 server configured to authenticate via a Windows 2008 domain controller via LDAPS.Everything is working fine, except from the following: When I create a new user in Active directory and check the option "user must change password at next logon", the new user cannot logon and gets an "access denied" message. In /var/log/secure, I find the following:
Mar 1 14:43:21 cpssvn10 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.3.12 user=testuser2 Mar 1 14:43:21 cpssvn10 sshd: pam_ldap: error trying to bind as user "CN=CPSS Testuser 2,OU=IBM,DC=cpss,DC=smarterplatform,DC=com" (Invalid credentials) Mar 1 14:43:23 cpssvn10 sshd: Failed password for testuser2 from 192.168.3.12 port 4583 ssh2
As soon as I uncheck the "user must change ..." option, the user can log on without problems. Also password change via the passwd command works.
I have a linux box (fedora) with two ethernet cards eth1 and eth2. On eth1 I successfully configured a PPPOE internet connection. Such that from the server I can browse the internet. On eth2 I wired it to a wireless router essentially to provide the wireless cloud. On eth2 I also configured dhcp, such that the Linux box is both PPPOE and DHCP server.However my clients on the LAN cannot access the Internet.
On passing the routing command I get Destination Gateway Iface 196.44.x.y 0.0.0.0 ppp0 192.168.1.0 0.0.0.0 eth2 (my subnet) 0.0.0.0 0.0.0.0 ppp0.
The router (functioning as a wireless access point mainly) has a fixed IP address of 192.168.1.2 and eth2 has IP address 192.168.1.1. The dhcp file running on Linux has been set with option router (Gateway) 192.168.1.1. I cannot figure out how to correctly set the routing table such that my clients on wireless can access the internet cloud. I googled and googled but no solid solution. Any suggestions?
Vmware tells me it cannot start services.I believe the issue is tied to permissions because the message indicated the log with the full details was located in /tmp/vmware-root/setup-4772.log but when I go there I receive a message telling me I do not have permission to the directory and there's a lock symbol on the directory from the File Browser utility.What do I need to do to unlock the folder and get vmware working again ?
I'm trying to avoid having to migrate my machine to Fedora: it's either learn to clone some existing Puppet manifests from Fedora to Ubuntu, or move back to Fedora. I'm running into several problems, including parsing errors for rules that work for Fedora and fail for Ubuntu, presumably because the version of libaugeas-ruby is older for Ubuntu (0.3.0) than Fedora (0.4.0). For Ubuntu, these rules fail with "Could not evaluate: Could not retrieve information from source(s)". Another one is a failure of augeas to use the 'ins' command to insert a rule into krb5.conf. I can't think of any good reason for these other than the older versions of the libraries render Puppet unable to parse properly.
At any rate, I was wondering whether anyone has had experience and success controlling security services in Ubuntu (Natty), such as krb5, pam, screensaver locking, etc. I should be able to hack my way through these, but I keep hitting walls like the evaluation error above.
I have been trying to get my Samba 3.x NAS to connect to my Windows XP laptop. I can see the server though I cannot open it and see the shares. I have run various tests on the network and Samba (ping, smbclient) though still cannot find why I can't connect.
I can access the NAS via webmin, so I am thinking I need the security or the services settings on the XP machine. Is there a list somewhere of the Windows XP services and security settings required to share files?
I'd like to run a Tor relay, but am trying to understand the security implications. For some time I've run my torrent client in a VirtualBox virtual machine, which is run as a very non-prived user, bridges directly to The Internets, and writes to one directory on the host. My belief is this is about as secure as it can be, but am open to suggestion.If I run a relay in the VM it wouldn't be associated with my use of Tor as a client, which is fine since there is no technical need for them to be connected and it's desirable for security.I read that chroot jails can be broken, particularly when run as root, so I don't really trust that. Also studied a vserver, but it must share the network setup which doesn't strike me as isolated enough.
I'm having problems with hackers from across the globe trying to get into our servers. Why? i have no clue. nothing of value in my servers worth getting.
Right now my service only does business with USA. So I'm trying to find a way to block all Non USA traffic. I called my hosting provider and they are unable to help. Said it was up to me to do this.
Well I've already taken care of the TCP Wrappers. by spawning a small C program i made that uses MaxMind's GeoIP system. to automatically deny access. Now i need to do something about all the other network connections that come in to services that do not use the TCP wrappers.
So i was wondering if IPTABLES have a way to spawn a sub proccess like TCP wrappers or if there was any other firewall software out there for linux that would let me achieve my goal.
I m Trying to get vsftpd usergroups to work i accidentally moved a file called passwd from /etc/vsftpd/ to /etc/, resulting in my root access is destroyed! how to restore the passwd file so i can keep working, or do i have to re-install the entire box?
I want to simplify some of my rules, so I want to create rules for certain services like xmpp, web, etc. since some of them use multiple ports, and I toggle them on/off a lot. Can I simply put the jump to rule clauses in the Input chain, and once the sub chains run, does it return to the input chain after the jump to rule clause? I want to do this so I don't have a ton of rules in the input chain. I think that if I simply make a list of all the rules to jump to in the input chain, it will work itself through all of them until it finds a matching filter in one of them correct?
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird