Security :: Preventing Users From Downloading Files From Sever By Typing URL
Sep 11, 2010
how the file is generated or what it contains is not important at this point.The important question is how to prevent the file from being downloaded and its contents from being displayed in the browser window?Since it is not recognized by the web browser so it is downloaded on the system. That way, what the script does is exposed to the outside world.Okay, I usually keep such scripts in../cgi-bin/. But for files (text files, in the example) which are being uploaded by a user should not be downloaded by another user.
View 10 Replies
ADVERTISEMENT
Apr 21, 2011
When I'm logged into my account, I can't shut down the computer if someone else is also logged in unless I supply the root password. However, if I log out, I can shut down from GDM without being challenged, even though another person is logged in, which could cause problems if that person is in the middle of some work. Is there a way to password-protect the gdm shutdown function if people are logged in?
View 2 Replies
View Related
Nov 5, 2010
What methods exits to restrict which directories a user may browse on the filesystem. I want to prevent php scripts from being able to view system files. I've seen two solutions, but neither are satisfactory:Chrooting a directory that the script is in, but this requires that all the necessary php libraries/files are moved/copied into the right place relative to the chroot directory. I don't feel that I have the technical ability to achieve this.Putting php into safe mode and disabling *nasty* php functions. But this is ineffective if just one obscure *bad* php function is missed.
View 5 Replies
View Related
May 24, 2010
Is there a way to use kerberos (or baring that a trusted CA) to allow users to ssh across machines in an environment isntead of having to manage the hash keys per user/server? I'm using kerberos+ldap to log folks in and get their settings but I'd like to take it a step further. I've been reading a lot but still can't quite get it all to come together.
Do I need to create a SPN for each host to do this? Sorry if I am asking a dumb question, I am returning to the *nix fold after a decade+ in the Microsoft world, be gentle with me.
View 3 Replies
View Related
Mar 13, 2009
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
View 3 Replies
View Related
Mar 26, 2011
I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)
View 7 Replies
View Related
Apr 12, 2011
I read the log
Code:
I found this print out:
Code:
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
View 3 Replies
View Related
Sep 1, 2010
My Fedora box is giving me an SELinux security error:
Code: Summary:
SELinux is preventing the samba daemon from reading users' home directories.
Detailed Description:
SELinux has denied the samba daemon access to users' home directories. Someone
is attempting to access your home directories via your samba daemon. If you only
setup samba to share non-home directories, this probably signals an intrusion
attempt. For more information on SELinux integration with samba, look at the
samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the
samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
Fix Command:
setsebool -P samba_enable_home_dirs=1
Additional Information:
Source Context system_u:system_r:smbd_t:s0
Target Context unconfined_u:object_r:user_home_dir_t:s0
Target Objects /home/micah [ dir ]
Source smbd
[code]....
View 2 Replies
View Related
Jan 8, 2011
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies
View Related
Apr 9, 2011
When I'm logged in, physically on the server as root and logout the lines doesn't get cleared like when you logout as a normal user. This could be a bug and if it is, it could be a security problem. The last actions done shows.
Additional information:
Ubuntu Server 10.10 (32 bit)
RAM: 1GB
Server used as: webserver, database, gaming server.
View 2 Replies
View Related
May 15, 2010
I have a problem as following: "using iptables to prevent IP spoofing".
View 4 Replies
View Related
Jun 4, 2011
is it possible to block an application from using the network? If yes, how? I read it's possible with iptables and with selinux... Also, what about creating a user who can't connect and run the application with that user?
View 7 Replies
View Related
Jan 13, 2011
I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp.How do I do that?I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
[code]....
View 1 Replies
View Related
May 25, 2010
I have xubuntu installed can I make it in to a server? Can I keep the GUI? And how can I make the sever back up files from windows 7 my documents?
View 12 Replies
View Related
May 8, 2011
I'm trying to set up an unprivileged user on some field systems running 11.04 with the standard Gnome shell (rather than Unity), and ideally that user would not have access to the command line. The user can log in through GDM (but not the text consoles) with no password, so I need to provide the absolute minimum of privileges; basically the user should only be able to run one program.
I've already set the /desktop/gnome/lockdown/disable_command_line key with gconf-editor for that user, which successfully disabled the "Run Command" dialog. Unfortunately, even though the description of the key in gconf-editor says "prevents the user from accessing the terminal...", the terminal emulator is still accessible from the Applications menu, and I haven't been able to find a good way of disabling the terminal or removing it from the menu. The only thing that occurs to me is an ugly hack: replace the gnome-terminal binary with another that checks to make sure the user is not the unprivileged one and then starts gnome-terminal.
View 5 Replies
View Related
Nov 12, 2010
I have Redhat enterprise linux 4 and it is used for squid. This machine is behind the Cisco PIX Firewall and it is handled by our network administrator. few days ago, my boss ordered me to allow Mail (Yahoo, Hotmail, G-Mail) only to some users and block every things for them. Here also, some other users (not above) have allowed downloading, movies etc and some users have not. I did it in squid as follow for users who required mail access only:-
[Code]....
View 1 Replies
View Related
Jun 17, 2010
Half the time I click on a text box to write and star typing only to find out I'm typing somewhere other than where I clicked.It's not dwell click and the active text box seems to be related to mouseover.
View 2 Replies
View Related
Jul 15, 2011
This is the "alert" I've received from SElinux Alert Browser after closing "rythmbox" application that opened my CreativeZen mediaplayer:
Code:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability
in dmesg it has:
[code]....
View 3 Replies
View Related
Apr 21, 2011
Is it possible to have a user in Ubuntu/Debian that does not have access to synaptic, apt-get, dpkg and cannot even download anything from the Web, but has root privileges otherwise?
Original post (above translated by aimar) code...
View 2 Replies
View Related
May 8, 2011
i want to run a stable service for downloading file in fedora 14 in a network with 800 users. i want to whole of users can connect to server and download my files.
View 8 Replies
View Related
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
View Related
May 16, 2011
The "find by typing" feature in Unity, as far as it concerns files and folders, is rather limited. Is there a way to specifically add a directory to the places where this feature is looking? (where is it looking anyway? most of my documents don't show up, even in my "home" directory...
View 2 Replies
View Related
Jul 6, 2011
So let's say I entered some dir in MC as a regular user and there is a file with very long name which is not convenient to spell and I want to edit it with nano as root. In this directory I type in a command "sudo nano [name]" and autocompletion doesn't work because the TAB key is for another purpose in MC. Can I insert a name of selected file without typing it in MC?
View 3 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Jan 18, 2010
When I have different people log into our ftp and browse to the same folder, some people see the files inside, some don't. all the user accounts are in the same group, which has permission to this folder. but the one user who can see the files is the owner. how can i fix it so everyone in that group who's the owner of the folder can see the files?
View 10 Replies
View Related
May 12, 2010
I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight reign on nfs exports.Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.
View 12 Replies
View Related
Oct 1, 2009
Because I was browsing around in KDE and found out that I can view other users files and they can view mine.
View 1 Replies
View Related
Feb 1, 2011
I understand wget is used to download files. Is there a way I can search a url for what files are available for me to download. I need to install a plug-in from an adobe website.
View 2 Replies
View Related
Nov 14, 2010
I've been using PAN for quite some time - recently installed 0.133 from the Ubuntu software centre. Worked fine for a while, no issue. Then, a week or so, it started downloading .msg files in company with the binary files I was getting. Sometimes one .msg file for one binary, sometimes quite a few. It seems to have some correlation to the size of the binary, that is the larger the binary, the greater the number of .msg files were downloaded.This morning, it would ONLY download .msg files. I could see the decoded binary in the PAN viewer pane, but it isn't present on my system. I have made NO changes to any configuration files, other than installing the recommended updates.
How do I correct this?Can anyone tell me what these .msg files are, and how to stop them from downloading?Are there as-good or better newsreaders out there that I can/should try?
View 3 Replies
View Related
Mar 27, 2011
How to set up a script to log on to a server through SSH, copy file from the server to the local machine, and then run a script on the downloaded file. More specifically, I've got a minecraft sever that is run on ubuntu.
I know that I can do
# ssh username@ipaddress
to log on to the server through the terminal.
After this it asks me for a password. Once I type in the password I have access to the directories on the server. How can I set up a script to log on to the server and enter password? Once I do this, how do I automate it to copy a file from that server to ~/Desktop? If I can do this, I have a script that will run from there.
I've learned that I can do
scp -r remoteuser@remotebox:/remote/directory /local/directory to copy files from a server to my local machine, but it still asks me for the server password. how do I make it so that the password is automatically entered?
View 2 Replies
View Related
