Security :: Setting Limits For Authenticated User - Controlling Shells

Apr 16, 2010

I want to limit what a authenticated user can do on my Linux server. I've set the default shell to rbash, but I know a knowledgeable user can switch shells. Can I use file permissions to deny execution rights to /bin/bash to anyone who is not in a particular group? And if that works, how do I find out what other shells are installed on my server (Ubuntu 9.10)?

View 7 Replies


ADVERTISEMENT

General :: Pam - /etc/security/limits.conf For Setting Program Limits?

Feb 9, 2011

I have the following inside /etc/security/limits.conf(I have specified root separately because * will not include it.)

user2 - core unlimited
* - core 0
root - core 0

[code]....

View 2 Replies View Related

Security :: Controlling User Access On Redhat Enterprise?

Mar 15, 2011

Im am working on a system which runs on RedHat Enterprise I have been asked by superiors to see if the following is possible. (sudoers file config change i guess)

Example
User1 has root access
user2 has root access, but must not be able to access ctmag (user account)

I know the obvious here is that if user2 can switch to root then it won't work. But i just need to prevent user2 from su - ctmag. A password is set on the account ctmag, but as user2 has root access it switches without a password prompt

Is there anyway i can prevent user2 from switching to ctmag but still have access to root?

View 6 Replies View Related

Software :: Protecting A Multi-user Server - Per-user Limits

Feb 8, 2010

I'm looking for a way to limit:

-memory usage (mb/user)
-cpu usage
-processes (amount and no same process multiply)
-connections (amount of connections (to specific host))
-bandwidth (kbps/user and even owerall for regular users)
-disk usage
-available commands

For every other users than me/root.

View 1 Replies View Related

Ubuntu Servers :: Setting Up Authenticated SMTP Relay?

Jun 15, 2010

I am new to the Ubuntu Community and just starting to build my Ubuntu 10.04 Server. I am a novice in Ubuntu, though maybe not a full n00b any more

I travel around a lot with my laptop, (also Ubuntu 10.04). However, my ISP does not allow me to send email via their SMTP when I am not in their IP range.

Since I have this little server I am building, I thought it would be nice if I could have my own SMTP relay. The objectives would be simple:

- I do not need a mailbox or POP server (yet).
- I wish to send email from any place in the world. I can not use a filter on IP ranges or local networks only.
- If my server could do this, I just configure Evolution on my laptop to send mail to my home IP address, using some sort of authentication and/or security/encryption (whichever is easy to implement).
- My server then just forwards my mail to my ISP. Since the server is inside the IP range, it can be handled as usual.

I have been digging through several howto's and the ubuntu server guide, searching some forums etc. Even while I don't fully grasp the things explained, I can't get the idea that one of those is "Just what I need".

Even still, if there is some other service outside my own that can do this (a public SMTP relay maybe?) I would also be happy to consider as long as it is safe and does not "eavesdrop" on my messages.

View 3 Replies View Related

Ubuntu Security :: Setting Permissions For Www User Only?

Mar 19, 2010

I wanna make a small web server for local use , I've installed apache, every thing works fine I'm the root

I wanna protect the folder that contain the htdocs files (www), i don't want any users that not in root group to access (not even read)

I changed the permission of the htdocs folder as next

Owner: www (apache user)
per: creat , delete
group: root
per: creat , delete
other: none

it only works on the main folder that i changed its permissions ! not all sub folders and files ! were my steps right ? and are their anyway to change all folders and files at once ?

View 4 Replies View Related

Ubuntu Security :: Advance User Setting Shell

Jun 22, 2011

As I was researching on how to create a kiosk Ubuntu setting I came upon a suggestion to create the user with '/usr/bin/screen' shell option.Hope you all would forgive me for this noob question but what does this mean? I saw when I checked the Advance Settings Advance tab that there are a couple of possible options there, what do they mean and how will they affect the user profile I'm creating? I tried google for this and if my understanding is correct, these shells are suppose to be programmable and a scripting language for linux but I'm confused on what effect this has on the user profile I'm creating?One thing I notice though is that with the '/usr/bin/screen' option, the user account is refused of the Applications > Accessories > Terminal option.When I googled each one of the options I'm getting more confused as to the relevance of this to the user profile.

View 3 Replies View Related

Fedora Security :: Setting Up Server To Store User Login Information

Mar 18, 2010

I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.

View 5 Replies View Related

General :: Reset Password As Key-authenticated User?

May 28, 2010

I have shared keys setup on my domain, so I never type my password to login anymore.

I've forgotten my password now. This is a problem because only my user can sudo. Password authentication for root has been disabled, so without my password, I cannot do maintenance on my web server.

Is there a way to reset my password as my [now only] key-authenticated user?

Specifically, can this be done on CentOS 4?

View 2 Replies View Related

General :: Creating Certificate Authenticated User?

Aug 19, 2010

I am trying to create a certificate case user logon via ssh. On the server I have openSSH and a few users. I want to be able to assign a user a certificate to connect remotely via SSH.

View 1 Replies View Related

General :: Limits.conf To Set Memory Limits?

Jan 30, 2011

I would like to limit any process from using more than 500 MB of RAM. AFAIK this is done using RSS in /etc/security/limits.conf but the process called gnome-panel apparently is using 618436 kB of VmRSS. How can this be ?

/etc/security/limits.conf
* hard rss 512000
username@debian:~$ cat /proc/3002/status
Name: gnome-panel

[code]...

View 2 Replies View Related

Ubuntu Security :: "Software Updates Can't Be Authenticated?

Apr 24, 2011

...a malicious individual could damage or take control of your system"See: https://dl-web.dropbox.com/get/Publi...png?w=ae903921and: https://dl-web.dropbox.com/get/Publi...png?w=2c144a02So should I really go ahead and install the updates or what may have gone wrong at the Ubuntu repository?

View 9 Replies View Related

OpenSUSE Network :: Confine An Authenticated FTP User To The Designated Ftp Directory?

Feb 10, 2010

I have configured my Laptop running OS 11.1 as an ftp server with vsftpd behind a router on my home network. I have managed to get it working so that I have authenticated users who can connect and write using the external ip address. The problem is that the authenticated user, rather than being allowed access only to the folder in question (/srv/ftp), can browse my entire directory structure.

When I tried this from a different computer (a Mac) from within my home network (but connecting through the external IP address) with fileZilla, using a user name I established as the authenticated ftp user (not my own uname), I could even download and write to other locations in the directory. I had another person try from outside the network, and they could browse the entire directory, but couldn't download from it. how can I confine an authenticated FTP user to the designated ftp directory?

View 2 Replies View Related

Security :: Controlling External Network Access Per Processes?

Aug 13, 2010

That would seem like an elementary feature to be able to enable only a few system applications access to the Internet. That would prevent trojans to download your HD for examples. I looked around and played with iptables but I couldn't not find anything that do the job. I loaded the xt_owner kernel for iptables but the --cmd-owner command is lacking. That was my holy grail but could not get --cmd-owner to work. iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing " How can I protect my machine against the enemy within.

OpenSuse 11.2
Kernel: 2.6.31.12-0.2-desktop

View 1 Replies View Related

General :: Coredumps Don't Work After Enabling Them In /etc/security/limits.conf On Debian

Aug 25, 2011

I have some init scripts that launch some daemons that I wrote. I want Linux to generate a coredump anytime something crashes. I activated coredumps in /etc/security/limits.conf by adding the next line:

* hard core 100000 After rebooting, I run ulimit -a and I can see that coredumps are not activated: > root@computer:~# ulimit -a > core file size (blocks, -c) 0 First, I checked if there is any file script on my system that deactivates coredumps (greping ulimit -c 0 ), but I didn't find anything so far.

Then, I created a bogus c program..to double check if it's working, and I can confirm that it's not. The program is this

[Code]...

View 1 Replies View Related

Ubuntu Security :: Install In Synaptic Package Manager A Box Appeared Saying Ufw Was Not Authenticated?

Jan 2, 2011

I was planning to re-install ufw. When I selected it and then install in Synaptic Package Manager a box appeared saying ufw was not authenticated.

View 2 Replies View Related

Security :: Policy That Limits Connections On Port - Encapsulates Total Sum Of All Connections From Hosts?

Jan 21, 2011

Is it fair to say that connLimit and hashlimit are very similiar on Linux i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000conn/minute for port range that is the sum of all connecting hosts?

View 3 Replies View Related

Security :: Changing Home Directory Permission In User Management After User Created In Suse(KDE)?

Feb 2, 2011

created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??

View 4 Replies View Related

Security :: Create A User And Limit User To A Directory?

Apr 15, 2009

I've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?

View 6 Replies View Related

Security :: User Authentication Security Mechanisms

Feb 2, 2011

What security mechanisms are used by recent versions of the Linux operating system during user authentication?

View 3 Replies View Related

Fedora :: Setting Up Root User?

Apr 16, 2011

I am novice user of Fedora 14. I want to set up root user for Fedora 14.

How do I do it?

View 3 Replies View Related

General :: What Is The /bin/ksh Shells

Jun 27, 2010

what is the /bin/ksh shells

View 1 Replies View Related

Security :: Setting Up Firewall

Mar 7, 2011

Setting up firewall

View 12 Replies View Related

Ubuntu :: Setting The Default User Accounts?

Feb 28, 2010

I'm using ubuntu and i need to know if it is possible to make a "prototype" account that sets the defaults for new users when a new account is made. How would i go about doing this. I would like to have the same start up programs, panel, themes, background, etc...

View 6 Replies View Related

Software :: Setting The Default Desktop For User?

Aug 20, 2009

I am creating a music server. I have the video of the box connected to my TV. This is an OLD computer, so I'm trying to lean up the normal software running as much as possible. I have the computer logging in as guest if no one logs in within 30 secs. Right now, it logs into gnome for everyone. Btw, I'm running FC8 on this computer. It is running gdm. I would like it to have it use something lighter like twm when logged in as guest. But I still want a full gnome session when anyone else logs in.

View 1 Replies View Related

Software :: Getting Error While Setting Password For Nis User?

Feb 11, 2010

i have configured nis server on my system but i am getting error while setting password for nis user logan i am not able to understand what couldbe wrong?

[root@station137 ~]# yppasswd -p logan
yppasswd: can't find the master ypserver: Internal NIS error
[root@station137 ~]#

View 8 Replies View Related

Security :: Setting Up IPTables For Kubuntu 10.4?

Feb 21, 2011

After discovering that the firewall was wide open I decided to finally study the iptables docs and learn how to add rules. Now, I've not yet finished reading guides and documentation but I'd like some advice before I set the default policy on the input chain to deny. I have added a permissive rule for the loopback adapter so that programs that use it do not become mute suddenly. I will also use netstat to see what ports to open for each program that connects to the internet. I'm not that interested in what ports to open but how to find what ports to open.

View 3 Replies View Related

Security :: Setting Iptables Rules

Jan 27, 2011

I am setting my firewall rules using the command iptables.My question is i wanna know what command i can use that list rule 2 and 3 for instance in my table?i want to create rule that: The host is administered using SSH, scp and sftp so allow incoming SSH traffic and securing remote file copying and transferring.

View 2 Replies View Related

Security :: Setting Permissions On Different Groups?

Nov 26, 2010

We are a school and we share a samba folder with students and teacher groups. What we are trying to do is:

- Give students group users the permissions to rwx own files in folder

- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.

- Teachers can do anything with files in folder

As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?

View 1 Replies View Related

Slackware :: Setting Up A Little Security On Xfce4?

May 9, 2010

First and foremost please give me your opinions on what I want/should to do for security. I would like to set up my system sp that the session times out and requires a password to unlock the screen. Also I would like a firewall and maybe virus detection just in case. I want to set up a guest user with minimal to no privileges. How should I go about doing this?

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved