Security :: Root's .bash_history Has Been Truncated To 0
Feb 9, 2010
I have a recently installed Ubuntu Karmic with standard packages. I enabled automatic security updates and manually updated every package once. I have the root account enabled. At ~1am GMT my .bash_history file for the root account has been truncated to zero. I think the PC may have crashed (no keyboard, mouse, etc, but still some HD activity) at around this time. The disk isn't full, but this is a fresh install, I do not have direct net access (NAT) and I have only visited a limited number of web sites.
Despite the history file is unique (~/.bash_history) I see that the multiple bash processes run on different windows are not all updating that file. I presume that the bash is not taking into account this possibility (multiple bashes on multiple windows) and writes thus the history file in a simple straightforward way. This would mean that a number of history entries are lost. I've tried to find information but had no luck so far.
want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
I used a bootable usb (Ubuntu 10.10) to backup files from an infected windows machine. I made backup DVD's using Brasero and disabled full windows compatibility when burning them to disc. The really dumb part was I didn't check the DVD's before I reinstalled windows on the drive I was backing up. They were all there, I assumed they were ok. The files on the DVD's (mix of doc, xls, jpg, etc.) won't open in windows or Linux. Anybody know of a way to recover them? From what I've been reading, it seems like I'm screwed, but I thought I'd check with the experts. Is there a specific way Brasero/Linux changes the file, and can that info can be used to change it back? I assume it just cuts the name/header to 64 characters and I'm SOL. I'm going to see what diskdoctor's recovery software can get back from the hard drive.
If I run low on free space, and I/system need to write something, then the files are just truncated. With no way to revert to their previous content.
First I installed the Windows on the VirtualBox, it sucked up all free space, so I couldn't even login to the system afterwards.
Then I, once again, silently ran out of free space, and my php editor broke. Later I discovered that it tried to write its config files, but failed, truncating them all. I lost a half a year of configurations, custom color scheme and custom code snippets.
Then one day the system just froze. Later I understood, there wasn't enough free space for it to run.
Today I was working on my php script, for like the second day, when, again, free space ran out, so with another file-save, I got a wonderfully impressing blank php-file. It was auto-reloaded from the external change, which was failure to write to file, obviously, so no ctrl-z worked, leaving me with two days work wasted and an urge to hit the monitor
My questions are: 1 How can this be fixed? Besides the obvious awesome fix "watch your free space, buddy". 2 Could somebody explain why these sorts of things happen, just so I know why the ultra-safe and durable 'nix operating system wants to destroy itself sometimes? 3 Anyone else encountered this issue?
I was doing a big backup system this morning (in Ubuntu 10.10) which was taking some time, when there was an urgent task I needed to see to, so I rashly stopped the backup with CTRL-C. Later I found that this left the recipient directory with an input-output problem, so I could not delete the truncated backup file (or any other file in the directory). I tried all sorts of chmod procedures etc., including using the usually very successful RESCUE CD from a USB pen, but nothing seemed to cure the input-output problem.
In the end, in desperation, I copied all the other files into a new directory, and then deleted the original directory from Windows 7. (I use a multiple boot system.) Windows obviously does not observe the same permissions as Linux, and it obeyed without demure! So all is now well.
I get an error while compiling in Eclipse: *.o: file not recognized: File truncated I tried to remove all the .obj and .moc folders and make clean but can't solve the problem! Maybe I'm missing something here.
I'm having a problem with Subversion. When I try an "svn up" it gives me this error message: SSL handshake failed: Secure connection truncated I'm running Ubuntu 10/4 but I also had this problem with 9/10. Does anyone know what this error message means? It appears to be an SSL problem but it's not clear to me what exactly the problem is. I do not have this problem with svn on my other office computer, nor my home computer. FYI, I'm running subversion on the Regina project.
The full error message is this: Code: svn up svn: OPTIONS of '[URL]': SSL handshake failed: Secure connection truncated [URL]. Although I don't think there's anything specific to Regina about this svn problem, as I mentioned, I can "svn up" from home, or from my other office computer.
How can I get Zypper to show the full description of packages rather than a truncated summary? When I use zypper to list installed packages or search for packages from the command line I would like to see the full detailed description of the packages that are returned in the results. Currently zypper only shows me a truncated summary description.
So the above is the error message I am receiving when trying to compile (at make stage when error received) binutils 2.20.1. I am compiling in Virtualbox and the base machine is SourceMage 64bit.
I have a fedora 10 server to which I can ssh as the root user using RSA.
However for any user other than root a password is always requested.
I have made changes to PAM and check the rights to all the files and read pages upon pages. I can mess it up completely so no one can login but cant get it so that anyone other than root can use a public key.
Another interesting and may be related item is that when any user logs in, with a password, via ssh then they get the error:
Could not chdir to home directory /home/xxxx: Permission denied
But they can cd to their home directory and have no problems.
I am thinking that this may be to do with the mount. The home directory is on a HDD but the system dive is an SSD.
I have gone over everything so many times I am now lost, I must be overlooking something so simple and obvious its just not coming to mind.
When I try to issue "su -", I get "su: Authentication failure", and I'm 100% sure password I enter is ok.
I think it started to happen after I issued chmod +s /usr/bin/screen chmod 755 /usr/bin/screen which I believe is unrelated to this problem, and, chmod -s /bin/su (-s by mistake) chmod 755 /bin/su which most probably made the whole mess...
this is not the part of the problem I believe but here's some background why I did that... when trying to make possible for screen sessions to be started automatically on boot under non-root account, I entered something like "su - username -c "/usr/bin/screen -dmS screenname ./executable-file"" in bootmisc.sh, but I was getting "must run suid root for multiuser support", so I tried to fix it, and now I can't login to root account no way.
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that also the process must be silent (no password asked).
How can I do this without adding a user in sudoers and without giving rights to all users to execute the commands from that bash file?
I have tried SUID option witch would had been good as functionality but I understand that SUID doesn't work for script bash files.
i still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway...how to become the root on my system, Fedora 10, please?i did open a terminal and typed s - root then my password, now im the root, but only on the terminal, as CLI, but what if i want to change the munu.lst inside grub i.e.? and some other files or settings that there's no option to just type in the root password, how to overcome that please?
I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....
The Wireshark website specifically warns against running WireShark as Root....
Quote:
Administrator/root account not required!
Many Wireshark users think that Wireshark requires a root/Administrator account to work with.
That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.
First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!
Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.
Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys
Code:
sshd_config has: AllowGroups sshlogin AllowUsers user root
[code]....
what could be preventing ssh login to ~user? And yes I would like to disable root ssh access, but it would be nice to be able to ssh into user first
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
I want to get a of log all the commands executed by the root user with the following details :
incoming ip username (thru which su was executed) time and date all the commands executed as mentioned above.
Also if user has managed to login as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server ?
In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)
Regarding the usage of our PKI, some security consultants suggested to let our root CA offine (hardware online but disconnected from the network). However, when it is offline, I don't understand how to sign certificate request or to publish CRL. How a PKI works with the root CA offline? USB sticks?
