Security :: Preventing Users From Browsing File System
Nov 5, 2010
What methods exist to restrict which directories a user may browse on the filesystem? I want to prevent php scripts from being able to view system files. I've seen two solutions, but neither is satisfactory:
Chrooting a directory that the script is in, but this requires that all the necessary php libraries/files are moved/copied into the right place relative to the chroot directory. I don't feel that I have the technical ability to achieve this.
Putting php into safe mode and disabling *nasty* php functions. But this is ineffective if just one obscure *bad* php function is missed.
View 5 Replies
Apr 21, 2011
When I'm logged into my account, I can't shut down the computer if someone else is also logged in unless I supply the root password. However, if I log out, I can shut down from GDM without being challenged, even though another person is logged in, which could cause problems if that person is in the middle of some work. Is there a way to password-protect the gdm shutdown function if people are logged in?
View 2 Replies
Sep 11, 2010
How the file is generated or what it contains is not important at this point. The important question is how to prevent the file from being downloaded and its contents from being displayed in the browser window? Since it is not recognized by the web browser, it is downloaded on the system. That way, what the script does is exposed to the outside world. Okay, I usually keep such scripts in ../cgi-bin/. But files (text files, in the example) which are being uploaded by a user should not be downloaded by another user.
View 10 Replies
Sep 1, 2010
My Fedora box is giving me an SELinux security error:
Code: Summary:
SELinux is preventing the samba daemon from reading users' home directories.
Detailed Description:
SELinux has denied the samba daemon access to users' home directories. Someone
is attempting to access your home directories via your samba daemon. If you only
setup samba to share non-home directories, this probably signals an intrusion
attempt. For more information on SELinux integration with samba, look at the
samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the
samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
Fix Command:
setsebool -P samba_enable_home_dirs=1
Additional Information:
Source Context system_u:system_r:smbd_t:s0
Target Context unconfined_u:object_r:user_home_dir_t:s0
Target Objects /home/micah [ dir ]
Source smbd
[code]....
View 2 Replies
Dec 15, 2010
I have an auditing problem. I am required to be able to track user account modifications (creates, deletes, password changes, etc.) My team and I implemented auditd 1.7.17 and borrowed an existing rule set from /usr/share/doc/audit-1.7.17/nispom.rules. What we're seeing is that user account activity from the command line is retrievable by doing an 'aureport -m'. However, doing the same through the GUI, 'aureport -m' does not display the activity. So I have two questions:
1. Is there another location I should be looking to find the user creation activities when using the GUI?
2. Is there a way to make the activity using the GUI be captured in /var/log/audit/audit.log so 'aureport -m' can report it?
Someone suggested a PAM configuration change, but was not able to tell me what change to make.
View 3 Replies
Dec 20, 2010
Is it easier or harder to get support answered in Fedora v. Ubuntu? I see twice as many users browsing fedora over ubuntu. Is this because fedoraforum is not good?
View 2 Replies
Nov 2, 2010
I've searched these forums as well as Firefox's site, as well as searching on Google Linux, but can't find what I'm looking for. In a nutshell, I want to keep a log of my users' browser history so that even if they clear history or set Firefox to not keep history, I can still view a log of what sites they have visited. My hope is that I can write a script (although I'm a BASH newb, it would be a nice little real-world project for me to attempt) that would keep info such as user, visit date, ip of visited site, just the basics. A great feature would be for the logs to be emailed to me for inspection, but that isn't vital if I can navigate to the log myself.
For all I know this is already available somewhere in the log folders; I just can't find anything. If it helps, I'm running Mint 9 Isadora and Firefox 3.6.12.
View 4 Replies
May 15, 2010
I have a problem as following: "using iptables to prevent IP spoofing".
View 4 Replies
May 26, 2011
I want to create a shared folder in an Ubuntu system, but I want to know if I can give access to some users of my domain active directory windows 2003 server? If I can, I would give that security in some of the subfolders of that shared folder as explained in the example:
EXAMPLE:
Backups (all have access and it's shared)
Mail of Charles (Can only have access Charles that have an account on domain)
Mail of John (Can only have access John)
[code]...
View 1 Replies
Jan 2, 2010
I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't work. I am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies
Jun 4, 2011
Is it possible to block an application from using the network? If yes, how? I read it's possible with iptables and with selinux... Also, what about creating a user who can't connect and run the application with that user?
View 7 Replies
Jan 13, 2011
I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp. How do I do that? I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
[code]....
View 1 Replies
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech. Simple so far... but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here are a few sites that reference this problem:
[code]....
View 4 Replies
May 8, 2011
I'm trying to set up an unprivileged user on some field systems running 11.04 with the standard Gnome shell (rather than Unity), and ideally that user would not have access to the command line. The user can log in through GDM (but not the text consoles) with no password, so I need to provide the absolute minimum of privileges; basically the user should only be able to run one program.
I've already set the /desktop/gnome/lockdown/disable_command_line key with gconf-editor for that user, which successfully disabled the "Run Command" dialog. Unfortunately, even though the description of the key in gconf-editor says "prevents the user from accessing the terminal...", the terminal emulator is still accessible from the Applications menu, and I haven't been able to find a good way of disabling the terminal or removing it from the menu. The only thing that occurs to me is an ugly hack: replace the gnome-terminal binary with another that checks to make sure the user is not the unprivileged one and then starts gnome-terminal.
View 5 Replies
Jul 24, 2010
Where are the "System Log Viewer" config files stored? I know most have been moved into /var/rsyslog.d/ folder but where is the user's config file stored? I restored my local /home to a fresh install and the Log viewer is looking for log files from the OLD install.
So there must be a config file somewhere in /home/$user that the system log viewer is reading from as well as the rsyslog.d folder...
View 1 Replies
May 11, 2011
I need to customize linux kernel root file system for embedded linux system. During compile time, for root file system I am able to create different user/group ex: "gnumuzic/Muzic". But I want to give access to group "Muzic" to some folders like /dev/nexig during compile time.
View 1 Replies
Mar 13, 2009
I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
View 3 Replies
Jul 15, 2011
This is the "alert" I've received from SELinux Alert Browser after closing the "rhythmbox" application that opened my CreativeZen mediaplayer:
Code:
SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sys_ptrace capability
in dmesg it has:
[code]....
View 3 Replies
Jul 11, 2010
I'm only just starting out with the Linux Ubuntu 10.04 OS after years of wasted time on Microsoft OS's. I hope I'm posting this request for help in the right forum thread; if not, please accept my apologies. I have tried searching everywhere for help in installing a firmware file into the File System / lib / firmware directory and each time I get an access denied result. The file is for a DVB board and I have managed to track down the right Linux fw file for this particular piece of equipment. Could some kind helpful person either explain how to get this firmware file into the Root System directory or even send a link to another site that deals with this sort of problem? I've downloaded all the programs via the Ubuntu Software Center that should be able to perform this task, however all to no avail. The reason why I posted this thread in this forum board is that it (in my own personal opinion which may be wrong) seems to me to be a security problem.
View 1 Replies
Oct 19, 2010
I am investigating solutions to trace a file deletion on a computer (Linux O/S). I also need to determine whether, after a file deletion or download on a computer, the computer clock had not been modified. In case a file has been downloaded on a computer and then transferred to a removable device, I need to find out the file activity. I mean I should be able to tell that the file was downloaded and transferred to a device with possible specifications.
View 2 Replies
May 1, 2011
The desktop computer of my two children has a total of three users:
1) The superuser (me)
2) The user 1001 (my elder son)
3) The user 1002 (my younger son)
Both users 1001 and 1002 cannot access their file system, and also they cannot save any attachments from incoming mails.
What I tried so far:
I accessed the file manager as superuser, and went: >Root>Home. Here I right-clicked on the folder User 1001, selected properties, selected the tab 'permissions' and allowed this user to read and write into this folder. I also checked the checkbox 'extend this permission to all subfolders and its contents'.
The problem is, when I reboot, everything is 'forgotten' and I am at quadrant zero again.
Eventually I should state that part of the folders are from a backup drive, because the hard disk had to be replaced so, once I re-installed the OS on the new hard drive, I copied the folders from the backup drive into the home folder.
One last question:
Is there a good tutorial about permissions?
View 9 Replies
May 1, 2010
Due to an exercise in Operating Systems I have to do the following: There are 6 users, user1, user2 ... user6 with home directories /users/user1 ... users/user6. User1 to user3 belong to group1, user4 to user6 belong to group2. The System Administrator wants to change the privilege* only to users 1, 2 and 3 to execute the file /bin/xxx. Which are the commands he has to type in order to achieve the previous?
*I'm not sure if this is the right translation.
What I have come up with till now is:
Code:
$ chgrp group1 <name_of_file>
but it seems too simple to be right.
View 1 Replies
Apr 10, 2011
I am not sure where to post that so I'll just try here. My main question is: How can I prevent the system from changing my cpufreq settings? I'd like to keep the CPU load as low as possible so these settings are probably the best. However, when I run some applications that require a higher CPU load the system changes the governor to performance and the range to 0.8 - 2.4 GHz. And that's my problem. I neither know what application exactly is responsible for changing my cpufreq settings nor do I know how to turn that off. Or is it supposed to be that way?
View 11 Replies
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
Feb 23, 2011
Linux Mint 9 Fluxbox
Firefox 3.6.8
Even when I don't disturb anything while browsing, random sites start launching (one at a time)!!
Example:
bash.com
gifts.com
<LQ member username>.com
sex.com
I usually browse Lq, and all this happens while browsing Lq threads,
and sometimes other websites too!
View 14 Replies
Jan 9, 2010
What are all the ways you could think of that someone could view your browsing history, upstream from your machine? They don't have physical access, there's nothing on the computer itself and the person trying to hack has skill so I'm thinking like monitoring a proxy somehow, using the ip address somehow, compromising the modem in some way, possibly having access to google account etc. I am new to ubuntu and have really dug it so far but I want to figure how this is/was being done
View 9 Replies
Mar 11, 2010
I have installed MoBlock as instructed here: [URL]
After installation I created my own list file in /etc/blockcontrol/custom-blocklist.p2p and have the following uncommented at the bottom of /etc/blockcontrol/blocklists.list:
Code:
locallist /etc/blockcontrol/custom-blocklist.p2p
The list contains the following 2 entries:
Code:
Yahoo:98.137.149.56
Google:74.125.47.147
When I do:
[Code].....
Recently I just noticed that the locallist rules seem to have no effect. I will always get "destination port unreachable" even if the locallist entry in blocklists.list is commented out.
However, whenever I try to browse to that IP, even when blockcontrol is on, even by typing the IP into Konqueror (not the domain name), it lets me go there every time. How can I know that my other applications will not do the same thing? How can I lock this down and test it empirically to be sure?
View 1 Replies
Dec 8, 2010
I come to Ubuntu with the notion that it is much more secure than Windows. In XP I had an antivirus, third-party firewall and sundry software against spybots, rootkits etc. The antivirus blocked the suspicious web pages while browsing. I generally avoided public networks, carrying a portable internet device. Do I need similar stuff with Ubuntu?
View 9 Replies
Jun 29, 2010
I am using squid proxy server for sharing Internet in my internal network. I would like to know how I can check individual users' web surfing history by their IP addresses?
View 1 Replies
Apr 4, 2011
I like less and use it as my default pager in Linux. However, there are times that I am scrolling down through a large document quickly and less exits when I reach the end of the document before I have time to stop scrolling. I'd like less to exit only when I type q, and not because I ask it to scroll beyond the end of the document. Is that possible?
View 1 Replies