Security :: Secure CGI File In Apache - Authentication By Entering The Predefined Username And Password
Sep 24, 2010
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
View 5 Replies
ADVERTISEMENT
Mar 20, 2010
I would like to be able to enter codes. I have pressed ctrl alt f5, 6 etc and get to the black screen which asks for username and password. I enter the username and password that I use to log in, but I keep getting the message telling me that they are not correct.
View 8 Replies
View Related
Mar 18, 2011
I have a system installed fedora 13 which I have updated yesterday. Now when I am trying to start system it restarts immediately after entering the user name and password. I am not the expert user.
View 1 Replies
View Related
Jun 10, 2011
I tried installing lubuntu 'over' ubuntu, but am now locked out. Basically, the login screen loads, I've tried entering my username and password, but it doesn't work. I'm not really sure of my username as Ubuntu would automatically fill it in for me. But lubuntu isn't auto-loading my username, so I've been trying to enter all types of variations. I am 100% of my password though
I tried getting help at lubuntu's chat, but that's been kind of hard since there aren't that many people responding. The lubuntu people had me go into recovery mode (2.6.38-8 recovery) and so that would go smoothly. But when the screen of the options of resume, clean, dpkg, failsafex, etc, I cannot move the selector down. So basically, the orange selector is stuck at resume. Whenever I press the down key, the computer runs some lines, and I cannot go back to the list of options. The list is still visible, but can't select any of the options.
If I press the 'end' button, that executes something (probably the last option in the list), and I shut down the pc when it did that. The other arrow keys do nothing. The tab button manages to move the selector from the list to 'Ok' and 'Cancel.' But I cannot move the selector down.. TL;DR: I need to either get into recovery mode, or find a way to get my exact username lubuntu thinks it is.
View 6 Replies
View Related
Jun 30, 2011
I'm using Ubuntu 10.04LTS. I'm trying to configure my chat accounts. But after entering username and password, it is asking "Enter password to unlock your login keyring". I have entered my login password. But it is saying that "The password you use to log in to your computer no longer matches that of your login keyring."
View 4 Replies
View Related
Jan 10, 2011
I started a new job and they use LDAP here. I built a new RHEL 5.5 server and configured LDAP. Usernames are recognized but the password is not. I can chown a file to a user name but when I try to login as the user it won't accept the password.I know the password is correct because I can login to any of the old boxes and it accepts the password. I ran authconfig-tui to tell my RHEL box to authenticate to ldap.
View 1 Replies
View Related
Jan 10, 2010
I want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies
View Related
Jan 2, 2010
I've installed Karmic after having used Jaunty in the past and it's working great, but I have a couple of security questions...
I opened the Disc Utility (Palimpsest) under System>Administration and was amazed that it looks like it will let me delete partitions on my hard drive, and without even asking for a password. This seems like an enormous security oversight, what am I missing here? Is there a bug filed for this?
Also related, why does Ubuntu allow a user to disable startup applications without requiring a password?
View 9 Replies
View Related
Feb 8, 2010
Something has gone awry with my login. After the usual username/password prompt my laptop comes up with smart card authentication & I can't login. How do I get away from the graphical login so I can login & correct the problem?
View 3 Replies
View Related
Mar 17, 2010
we are using linux email server axigen past few years. we keep port open ssh and pop,smtp webmail etc. ssh use for remote trouble shooting. so through firewall it is globally accessable. we notice many attacks coming to our machine, also some people try to enter in our system but failure. as example see below a log come in messages file
Mar 17 09:19:50 sa1 sshd(pam_unix)[21231]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.51.13.120 user=root how we can secure more. as per my understanding only good long strong password can stop to prevent from attacks.
View 5 Replies
View Related
Sep 27, 2010
I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.
My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.
In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.
View 3 Replies
View Related
Jun 19, 2010
I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies
View Related
Jan 31, 2010
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
View 6 Replies
View Related
Jun 4, 2011
I've been using ubuntu 9.10 for years and never been asked for username and password, always started straight away. Today I started the computer, it's asking for them and doesn't accept the password so it's trapped in a loop. I changed the password, no luck, the username when starting seems to be different from the one when I'm changing it. Something like "Mart Di", versus "mart". Tried both with new and old passwords. Does the password expireor something?
View 7 Replies
View Related
Feb 20, 2011
I want to display motd after entering username but before entering password. Is it possible?
View 8 Replies
View Related
Mar 10, 2010
Consider this stanza for a directory on my Apache server:
<Directory "/var/www/html/mine/wedding">
Options FollowSymLinks
Order allow,deny
Allow from all
AuthType Basic
AuthUserFile "/etc/httpd/htpasswd_file"
Require user username
</Directory>
View 4 Replies
View Related
Jan 11, 2011
I have a strange behaviour on a Slackware 13.1 box:
Code:
user@host$ su
su: Authentication failure
[code]...
View 5 Replies
View Related
Jan 27, 2010
Can't seem to do it, wondering if anyone knows how? Normally there's something in sshd_config that can be switched to true or yes to allow root login but I can't see it in fedora 12.I can login via root at a terminal no problem, just not via ssh, I get access denied every time. Also, I need to login using password authentication.I've done: 227169 but that's just for GUI which I don't really need since I rarely ever log into the GUI.I have also searched through here and mostly only found info such as above, how to enable root login for GUI, or billions of posts about how logingin as root is bad but I cannotswer to my question.DISCLAIMER: Please do not reply to this thread if all you can contribute is the question of why I need root or to put some message telling me I can do everything using su, etc, etc. Please only contribute if you can answer my question. A: My machine and a valid quesiton. B: Spirit of Linux is open, not restrictive
View 3 Replies
View Related
Jan 26, 2011
Running Ubuntu 10.10 and I'm getting annoyed by the password authentication each time I want to do something. I find this more annoying than Windows 7 and UAC
View 9 Replies
View Related
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else. I'm looking for a file that logs any change to the security settings of the system.
View 1 Replies
View Related
Sep 16, 2010
I'm running eeebuntu on a Toshiba Satellite R10, I installed the Netbook Remix Package which was apparently a horrible idea. I cant click properly. I tried to open synaptic package manager to uninstall it but it tells me my password is wrong, which i know it is not. Is there anyway to fix this, i can open terminal.
View 3 Replies
View Related
Jul 14, 2011
there are some configuration files where linux require the password of application user, to do something.how can i to encrypt the password in these files? Or how can i to store that password in encrypted file and retrieve it in secure mode?
View 2 Replies
View Related
Feb 4, 2010
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could login to the server based on their email address and a randomly generated key combination and down load the file.I also need it to preform the same function going the other way. Login into my server and place files going to me.
View 2 Replies
View Related
Jul 11, 2010
I seem to be missing a secure.log or security.log file. have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else.looking for a file that logs any change to the security settings of the system.
View 6 Replies
View Related
Feb 5, 2010
What do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies
View Related
Jan 7, 2010
Been messing around with Ubuntu 9.1 for the last few weeks and am loving it so far. Been trying to get in the terminal and learn a little something, to no avail. LOL I have been googling and searching the site today for info on networking. My Linux box is a desktop, with my main HDD mounted with music, and movies and some other stuff. My intent is to network the two laptops in the house (Windows XP and Windows 7) to the Linux box so I can listen to my music and watch movies when not in the office. I have found some info, mostly involving Samba, and plan to install Samba tonight and fiddle with it. My issue was with security. I have read a few posts and they talk about the fact that if you share files in this manner, the set up is not secure at all. Is this something i should really be concerned about? If the folders I share only have my music and videos in them,
View 4 Replies
View Related
Mar 30, 2010
I set up a samba file sharing system but my workgroup asks for a username and password see this-This is the text in /etc/samba/smb.conf:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[code]...
View 9 Replies
View Related
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
View 1 Replies
View Related
Oct 8, 2010
I have CentOS 5 configured with apache web server. but it is not asking for password authentication while accessing the web page. the config detail is as below code...
View 15 Replies
View Related
Mar 13, 2010
I'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies
View Related
