Security :: Proper Security Settings For Virtual Hosting Of Domains?
Jan 30, 2010
I have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files. The path is /var/www/vhosts/[domain name]/httpdocs/. What I'm attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What I'm worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their PHP files on my server? What is the best way to properly set up my server to allow automated creation of the domain structure within my folder system?
Aug 12, 2010
I have a server with 14 IPs on eth0. I'm using virtual interfaces to handle the IPs, but the iptables don't seem to work on the virtual interface. It blocks ports that I want open. I'm not that great with iptables, I use what I have because it works for me, but as far as tweaking it, I'm pretty lost.
My iptables:
# Simple Firewall configuration
#
# Set default policies --------
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# Internal Networks -----------
#-A INPUT -s <private.class.C>/24 -d <private.class.C>/24 -i eth1 -j ACCEPT
#
# Loopback --------------------
-A INPUT -s 0/0 -d 0/0 -i lo -j ACCEPT
#
# Accept established connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Services --------------------
#
# For SSH gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW -j ACCEPT
#
# For SMTP gateway
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW -j ACCEPT
#
# For FTP server
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 53 -m state --state NEW -j ACCEPT
#
# HTTP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW -j ACCEPT
#
# HTTPS services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 443 -m state --state NEW -j ACCEPT
#
# POP-3 services
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 110 -m state --state NEW -j ACCEPT
#
# IMAP services
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 143 -m state --state NEW -j ACCEPT
#
#PLESK
#-A INPUT -p tcp -s 0/0 -d 0/0 --dport 8443 -m state --state NEW -j ACCEPT
#
#Games
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28960 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27666 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28961 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 28962 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27015 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27016 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27017 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
-A INPUT -p udp -s 0/0 -d 0/0 --dport 27020 -m state --state NEW -j ACCEPT
# Disallow fragmented packets
-A INPUT -f -j DROP
#
# Log & Block broadcast packets
-A INPUT -d 255.255.255.255/0.0.0.255 -j LOG
-A INPUT -d 255.255.255.255/0.0.0.255 -j DROP
# Log & Block multicast packets
-A INPUT -d 224.0.0.1 -j LOG
-A INPUT -d 224.0.0.1 -j DROP
#
# Log and drop all other incoming packets
-A INPUT -j LOG
-A INPUT -j DROP
#
COMMIT
Aug 18, 2011
I have designed name-based virtual hosting in Apache. As of now, I am able to access the website using the IP also, which I am looking to block, so that it can only be accessed by the name.
Jun 20, 2011
What is the easiest and proper way to get security updates for Slackware?
Dec 29, 2010
I want to remove to help reduce vulnerabilities.
Would 'apt-get autoremove make' be the proper command? It wants to remove about 30 or so packages. I don't want to lose anything I might need to run apache2 and similar packages (self-configured web server). Running Lenny.
Nov 24, 2010
I was looking for a way to protect my Samba server by limiting access to certain domains. Can I use the parameter hosts allow = example.com or something like that, or is there another way to do the job for domains?
Mar 18, 2010
How would I move from domain1.com to domain2.com whilst making it so people can still use the old domain if they wanted to?
Jan 8, 2010
Is there any way for one Virtual Server to access the main host, or another Virtual Server? Or would they be totally 100% independent?
Oct 18, 2009
I am using OpenDNS on my current Linux box and I was wondering if there is a way to force the DNS settings to stay the same even if ROOT tries to change it (since my dad wants content filtering password protected and I still want my computer's root access...)
Sep 20, 2010
If I installed MS-Windows/Chrome OS on VirtualBox and one of them got a virus, will Ubuntu get that virus too or is it safe? Because I want to remove Windows permanently and only have it on VirtualBox in case I needed it. And what should I disable in VirtualBox in case someone hacked my Windows so he won't get access to Ubuntu?
Jan 23, 2011
If I install VirtualBox and run XP inside of Linux, do I need to have AV and a firewall running on the VirtualBox or do all the computer connections go through ports on the Linux box?
Jan 18, 2011
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
Sep 1, 2011
I am currently trying to best configure my Natty Narwhal Linux distro. At boot, the system is configured to automatically connect to the last Wi-Fi network. When I connect to the Wi-Fi, however, a whole bunch of instructions are loaded in the IPTABLES.
Dec 20, 2010
I would like to set the firewall in Ubuntu Server 10.10 up to be very secure but perform these tasks:
1. File server to Windows 7 and Windows XP machines both over Ethernet and wireless via a router.
2. Print server for these 2 machines.
3. Auto backup these 2 machines.
So far I have set the server up with a static IP. Do the 2 Windows machines need static IPs as well? I don't need remote access to the server, only over the LAN. I thought this may be all I needed to do:
Code:
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow ssh
$ sudo ufw allow Samba
$ sudo ufw allow rsync
$ sudo ufw enable
But would this block auto updates to the server and auto backup of my files?
Jan 28, 2010
I have been trying to get my Samba 3.x NAS to connect to my Windows XP laptop. I can see the server though I cannot open it and see the shares. I have run various tests on the network and Samba (ping, smbclient) though still cannot find why I can't connect.
I can access the NAS via webmin, so I am thinking I need the security or the services settings on the XP machine. Is there a list somewhere of the Windows XP services and security settings required to share files?
Mar 3, 2010
I installed DansGuardian. In order for it to work I set the system-wide proxy. However, it is really easy to get around DansGuardian by going to the preference proxy setting. How do I password protect this setting so it requires a password to change the proxy setting? Preferably a different password than the normal sudo password if possible. If not, I at least want the sudo password protecting it! I run multiple browsers so doing it via the system rather than the browser made the most sense.
Jun 16, 2010
I have LTS 10.04 with Firefox 3.63 and the cookie settings are not there. Does anyone else have missing privacy settings? I don't like the idea of tracking cookies and want to do what I can to get rid of them.
Aug 5, 2010
When launching gdmsetup I can't unlock it to change settings. Nothing happens when clicking on the "lock" button.
The same problem occurs in Ubuntu Software Center 2.0.7. Nothing happens when I pull "Install"
(no authorization starts).
There is no authorization window in admin-shares either.
It started when I changed the type of Ubuntu login - I changed the gdmsetup settings from "password" to automatic authorization.
I checked the PolicyKit Agent. It seems to be working (and autostarting) with this command:
/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
Jun 15, 2011
I am administrating a system with about 40 or 50 users, and we recently jumped ship from Windows to Ubuntu. Most of my users are getting along fine, but it seems every few days, I have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
Sep 25, 2010
I wanted to know if I install Ubuntu on my virtual PC on Windows 7 is it just as secure?
If I have a keylogger or some spyware will that affect the session I have running on the Virtual PC? Can they still steal my passwords?
Sep 6, 2010
I'm noodling around with Ubuntu 10.4.1, latest updates and kernel (2.6.32.24?). Anyway, I run ClamAV as root and it goes fine through almost all of my system (huge amount of it), including several virtual devices, where it hangs on pan0, which has some association with my network (eth0 would be for wired connection, and wlan0 for wireless, and pan0 is listed also, but I'm not at that machine right now, so I can't tell why it shows up. wlan0 is what I use to connect to the internet). Is there an issue for ClamAV with virtual devices? Any workaround? I had to terminate the scan after it stayed hung for over 5 minutes on pan0.
Jan 1, 2010
I installed Ubuntu 9.10 netbook remix on my Acer Aspire One D250 computer. The Broadcom wireless NIC succeeds in connecting to the network but only if I remove the WPA-PSK security in the Netgear router settings. What do I need to change in order to be able to secure my network?
Apr 15, 2010
So I know Linux has iptables, I'm rather new to Linux, and I'm wondering, are the stock settings with Ubuntu/Kubuntu safe? Is there anything I need to do to make them more secure? I tried adding rules myself for some things but ended up just not being able to do anything so I had to reset back to stock with iptables -F. Should I be safe running as-is?
Aug 19, 2010
I just erased WinXP and installed Ubuntu on an old laptop. I intend to use it later to connect to public Wi-Fi. Do I need to install a firewall GUI and make any special settings? I didn't encrypt the home folder during installation. I probably should have done it. But I am already low on system resources (224MB RAM, 1.2GHz CPU). Would that use up any additional resources? Would it make the computer run slower? Can I still encrypt the home folder after I installed the system?
Dec 28, 2010
I have been investigating some security precautions over the past several months. I use Ubuntu now instead of Windows and the Firefox browser also. I have installed BetterPrivacy, WOT, NoScript and a few other add-ons. I have SELinux, ClamAV, AIDE, and chkrootkit installed for Ubuntu.
When we browse certain web sites, we get an error about the server being reset. However, when I put the Ubuntu install CD in and browse with Firefox, obviously with no add-ons or settings changed, we can browse to the site with no problems. We are trying to be secure on the internet and I don't want to lower or get rid of any of the settings / add-ons we added. What would cause servers to reset when using Firefox / Ubuntu with browser add-ons / OS add-ons?
Jan 2, 2010
When you have a computer whose hard drive is partitioned with one part Windows and the other Linux, what are the concerns with viruses and transference across the two systems? Can viruses infect the Windows side brought over through the Linux side (Firefox) or are the partitions completely separated? In other words, if all of your Internet voyages are through Firefox under Linux, is there any danger of infecting the Windows side of the computer? What about when having Linux installed within the Windows portion as a virtual system?
Apr 26, 2010
I have NTFS-protected directories under Windows. However under Linux, even though I'm not logged in as a Super-User, Ubuntu cheerfully mounts all NTFS partitions on this machine and EVERY computer on my home network. This gives my GUESTS complete access to all machines connected to my network: Nautilus -> Windows Network -> Workgroup -> Clicking on any computer Name gives access to windows' administrative shares C$, D$, etc. I've always known that Linux ignores Windows security, but... what is the solution?
Jan 11, 2011
I'm using RHEL 5 with the Enhanced Security. Using the suggested NISPOM Red Hat documented settings (located on the system; copy - paste) I have managed to audit failed file open accesses; however, this setting is only retained if I enter it at the command line (/sbin/auditctl -a ). If I reboot the system or restart the service all my -a (not -w) located in the /etc/audit/audit.rules are not retained.
May 15, 2010
me know the detailed reason that why we can't use name based virtual hosting with SSL
Feb 7, 2010
Just wondering if it's possible to do virtual hosting without a registered domain name. I'm running Slackware 13 and just trying to do it like this in my vhost config: 192.168.15.149/test1.php and 192.168.15.149/test2.php