Security :: Secure And Automated Backups - Add Public Key To Authorized_hosts File On Prod Server?
Mar 13, 2010
I'm trying to find a secure way to back up files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will log in to Prod Server from Backup Server and back up data.
1. Do you think it would be secure enough to do this by creating a passwordless RSA private key on Backup Server and adding its public key to authorized_hosts file on Prod Server? I can't think of a way to automate this without having to enter any passwords without passwordless RSA key. Is there another, more secure way?
2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, how can I run a check that this new backup user indeed has read access to ALL files in the folder that I intend to back up? How can I ensure the backup process will not skip files due to some permission problem?
3. I'm thinking of using rsnapshot tool, which uses rsync.
May 16, 2011
I am in the process of writing an rsync script to run unattended backups of my entire file system to another system located on my local network using ssh and password-less rsa keys.
I absolutely will not use password-less keys with the root account and this is the limitation preventing me from accomplishing my goal because root is required by rsync to access the / tree and copy it to another location. I decided that if I compiled the script into a binary that I didn't have a problem with the password being contained within the binary itself but from what I've read there is no way to elevate to root and then back down to user level from within the script/binary.
I can create the script as the user and use chroot to make it owned by root but retain execution permission for the user but it will still cause the ssh login to be under root and therefore require either that I am there to enter my password or the use of password-less keys under the root account which I reiterate I will NOT do. Currently the script is executed by the user on the machine containing the files to be backed up.
Aug 17, 2009
Run a script on ServerA which uses a ssh-connection to ServerB to execute a few commands on ServerB. As ServerB only allows login with username+password the whole stuff gets more complex. SSH provides key authentication enabling passwordless login as you probably know. So as stated in many tutorials I did the following:
Quote:
ssh-keygen -t dsa
ssh-copy-id .ssh/id_dsa.pub osr@10.17.120.207
Trying to connect with
ssh osr@10.17.120.207
should now be passwordless but I'm somehow still getting the prompt for the password. Here is the output from ssh -vvv osr@10.17.120.207
Quote:
OpenSSH_4.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
[code]....
Interesting are probably the following lines:
Quote:
debug3: Not a RSA1 key file /users/osr/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
Jan 20, 2011
I am just about to undergo a new piece of freelance work myself on Bind 9, but it has been ages since I have done this, this was on my own LAN with port 53? Blocked from outside, so mine is not public facing.
But this project is, what should I set up to make this truly secure, just to recap on my thoughts as well, forward resolving is Domain -> IP is not it? Then Reverse is IP->Domain is not it?
Apr 23, 2010
What would be the best way to have automated system backups? I'm trying to get it so my Xubuntu box automatically backs up the entire system including user settings on regular intervals, what would be the best way to do it? I have 2 hard drives with one that I do not use that I'd like to backup to.
Feb 3, 2011
I am trying to keep linhost274.prod.mesa1.secureserver.net (IP 208.109.14.77) from accessing my machine. Several times per evening (as far as I see) it connects to my machine, each time on a different port, and pushes up data transfer. I can't find what it does, it just pushes a GB or more over the line and then stops. I try to keep it out with UFW:
[Code]...
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else? I'm looking for a file that logs any change to the security settings of the system.
Feb 4, 2010
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could log in to the server based on their email address and a randomly generated key combination and download the file. I also need it to perform the same function going the other way: log in to my server and place files going to me.
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else? I'm looking for a file that logs any change to the security settings of the system.
Feb 5, 2010
What do the default file permissions in ubuntu 9.10 protect/deny access to?
Jan 7, 2010
Been messing around with Ubuntu 9.1 for the last few weeks and am loving it so far. Been trying to get in the terminal and learn a little something, to no avail. LOL I have been googling and searching the site today for info on networking. My Linux box is a desktop, with my main HDD mounted with music, and movies and some other stuff. My intent is to network the two laptops in the house (Windows XP and Windows 7) to the Linux box so I can listen to my music and watch movies when not in the office. I have found some info, mostly involving Samba, and plan to install Samba tonight and fiddle with it. My issue was with security. I have read a few posts and they talk about the fact that if you share files in this manner, the setup is not secure at all. Is this something I should really be concerned about? If the folders I share only have my music and videos in them,
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
Jan 26, 2010
I set up my Ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the MAC address of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is I log all other attempts to connect to the server and I see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
Feb 19, 2011
OK, I'm new. I know AppArmor is running. I was looking for Firestarter but there isn't one... How do I secure this server? I want a good firewall and some virus protection! Also, do I need this?
Jul 27, 2011
What is the best option for securing a server via firewall and iptables?
Feb 12, 2010
I'm learning to secure my server in the best way I can think of: by learning to attack it. Here's what I would like to accomplish. I have SSH set up on a Linux box in an offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
Feb 3, 2010
I am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server)?
Jul 20, 2011
I have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
Jul 17, 2010
Is it possible to secure a Samba server with Kerberos? I want to know whether we can use Kerberos authentication to secure the Samba user name and password so that no one can sniff that information. configuration or any URL link from which I can get the exact configuration.
Jul 19, 2010
I am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
Mar 31, 2010
I am using Nautilus to connect to an external server. Currently, I use password authentication, and all works fine. I just type sftp://SERVER and the connection is established after providing the login credentials. However, I changed the server to only accept Public Key Authentication and disabled password authentication, and as a consequence I could not login using Nautilus anymore. Is there some way to make this work?
Feb 9, 2010
I have installed my Linux server on the Internet without a router/firewall between. To secure it I used iptables and it works fine. The problem is that I'm not feeling secure enough with only iptables. Is there anything else that I can install to make my server more secure and get rid of my paranoid feelings?
Aug 7, 2010
As per our requirement, I need to implement a Secure FTP server for around 500 users which includes security level on both - Transfer and Rest data. Apart from this I also need the following features -
1. Size quota on Users & reminder mails for the same
2. Password expiry notifications and user interface to change their password within specified time interval
3. Aging of data - After specified time, data will be moved to some other location from their home directory
4. All types of log maintenance for each file and user and log exporting
5. Uploading & Downloading speed consistency as per server level.
6. Read-write interface for user and read-only interface for their client for the same account.
7. Backup and Recovery options.
As of now, I am using VSFTPD which does not give these much of features in combine.
Sep 24, 2010
I'm using an opennms network configuration backup server called 'RANCID'. It runs on top of a RHEL5 system and uses Apache. Here's the link which I'm accessing [URL]. But anyone can access this URL and obtain my configuration files.
I want to secure this using a logon page, allowing login only for successful authentications by entering the predefined username and password. But after getting authenticated, anyone bookmarking the above URL can still access it since it didn't prompt for username and password again. Each time the above URL is executed it should direct to the authentication page.
Jan 28, 2011
**Edit: path for mount was incorrect
Distro
Server: CentOS 5.5
Clients:
Fedora(latest)
OSX(latest)
Background
I am attempting to set up a server in my house mostly (for the first time) for backups and file sharing. It is important to me that file permissions are preserved. So it's my understanding that I must use idmapd in order for this to work. As of now I'm only working with the Linux distros while OSX will be dealt with once these two work together. portmapper is up and running, along with lockd on both machines. Firewalls are also down on both machines for now. The server side was all set up using the GUI interface with no extra options selected.
Problem
When attempting to "mount -t nfs4 10.0.0.2/$sharedfolder /mnt" I get an error operation not permitted with no error printing in /var/log/message. If I use "mount -t -o nolock nfs4 10.0.0.2/$sharedfolder /mnt" it mounts just fine. I've checked both machines multiple times to make sure that lockd is up and running. In the idmapd.conf file I have the domain as "localdomain" for both machines but I doubt that is right; like I stated above this is my first attempt at a server. I'm assuming the problem is a whole missing step that involves some kind of id mapping server I need to set up.
Jun 19, 2010
I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
Sep 24, 2010
I run the following file with the >log.log redirector and it does not capture errors.
#!/bin/bash
echo ************************BEGIN LOG******************************
date +"%m/%d/%Y %H:%M:%S $HOSTNAME"
cp -f /scripts/original/clamscans.log /scripts
[code]....
The following errors show up when I run the file from the term window, but are not written to log.log:
tar: /public/public/clamscans/*.txt: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
mv: cannot stat `/public/public/clamscans/*.txt': No such file or directory
I know with Windows you can add the 2>&1 to capture error data. Is there such a thing for Linux?
Oct 8, 2010
How to secure a Terminal Server so that it can't be hacked by bruteforce/dictionary tools?
Jan 2, 2010
I'm looking for a most possible, secure solution to transfer data using rsync over the Internet between 2 Linux servers.
I have 3 options: SSH, IPSEC and Kerberos.
Which one in your opinion should be most secure solution?
Jul 17, 2010
My /var/log/secure file is not getting updated with ssh logins from yesterday. Even the login from my own IP is not updated.