I am using auth_param basic program /usr/lib/squid/squid_ldap_auth to authenticate users using squid from ldap. The user and pass is in clear text over the network between the browser and the squid server. Any way to send it in an encrypted format??
View 2 RepliesIs there anyway to monitor the current bandwidth in use by a user (NCSA auth) on squid? Occasionally we get a user downloading too many videos at once, which blocks bandwidth to other users on the network. As I have no idea which user it is until the end of the day (SARG reports), we just restart the squid server to disconnect their downloads.
View 6 Replies View RelatedThis question is regarding squid based security. We would like to enforce browser security onto our users and would like to know if anyone has performed this. Our goal is to check a users browser version/plugin level before allowing them to access the internet in our organization. If their browser does not meet a standard compliance level such as patches or if they are using i.e. 5.0 we would redirect them to a page telling them that they need to update their browser before access will be permitted. Has anyone performed any types of checks like these?
View 4 Replies View RelatedI want to use squid Proxy to ask username password to user for internet usage and if username password not correct squid stops user access.I use following installation commands and configuration but still squid not asking for username password, and I can use Internet browsing by defining proxy in my client proxy.I use following installataion commands one by one but non of them works, and configure squid to use ncsa_auth../configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies
then I use
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers
then I use
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers=NCSA
with following squid.conf configuration one by one.
htpasswd /usr/local/squid/etc/passwd testuser
New password:
Re-type new password:
[code]....
No error received in access.log or /var/logs/messages files, nor on client screen, client still using internet browsing without asking username password by squid,
I got some entries in my auth log that I am puzzled by. What could be the cause? I was not using my machine at the time of the logging.
Code:
I yesterday installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine.In
Quote:
/var/log/auth.log
It is a Ubuntu server and I had installed fail2ban via
Quote:
apt-get install
I thought some thing might be in
Quote:
/var/log/fail2ban.log
but there I do not see any thing
Quote:
2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log
[Code].....
I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.
password required pam_cracklib.so try_first_pass retry=3 minlen=8
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass
[code]...
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
Code:
I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.
View 8 Replies View Relatedinternal system mail revealed an error. Part of the mail is the below:
Feb 25 00:00:01 mbdba crond[1025]: PAM (system-auth) illegal module type: ccount
Feb 25 00:00:01 mbdba crond[1027]: PAM (system-auth) illegal module type: ccount
Feb 25 00:01:01 mbdba crond[1122]: PAM (system-auth) illegal module type: ccount
Feb 25 00:02:01 mbdba crond[1152]: PAM (system-auth) illegal module type: ccount
Feb 25 00:04:01 mbdba crond[1275]: PAM (system-auth) illegal module type: ccount
Feb 25 00:06:01 mbdba crond[1397]: PAM (system-auth) illegal module type: ccount
i have check /etc/pam.d/system-auth for the "ccount" entry, but it does not exist. "ccount" existed before in /etc/pam.d/system-auth but i managed to change it back to "account." i have grepd for the "ccount" string in all files under /etc/pam.d and i was not able to find it.
it seems that the system-auth is not able to take the now "account" string insted of "ccount" altough i have restarted crond
here is my system-auth file on the affected server:
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
code....
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
[code]....
I'm currently writing a simple script which uses luckyBackup to backup my /home directory to /tmp. I then want to tar it, encrypt it with gpg and move it onto a usb stick. My question is that suppose my hard disk died and I needed to restore from this USB backup, would I still be able to decrypt the file given that I would have lost gpg keys etc when the disk died? (I would still know the passphrase though). Should I be backing up gpg files separately?
View 9 Replies View RelatedIm using gmail with https always turned on but what programs can i use to easily encrypt emails? Is pretty good privacy easy to use?
View 9 Replies View RelatedI have a ext hdd..seagate go. And my 14 yr old son likes to get into it without asking me; of course i dont care when he asks but i don't really want him to get in there and erase anything. I am about to leave for training for 18 weeks with the military. Is there a way i can "secure" the drive for the amount of time that I can't take it with me?
View 8 Replies View RelatedWe have some script files on our linux servers. For security purpose our requirement is to keep these files encrypted . I mean when we open the files it will looks like as for example i am showing you one encripted file of iur server. how can i do this.
one encrypted files from our server:-
[utibaadm@AIRTELVTUD2_UVAS01server_monitoring]$cat SOUTH_DTH_MONITOR.sh
#!/bin/sh
skip=14
tmpdir=`/bin/mktemp -d ${TMPDIR:-/tmp}/gzexe.XXXXXXXXXX` || exit 1
prog="${tmpdir}/`echo "$0" | sed 's|^.*/||'`"
[Code].....
Is the encrypt system during the install part of the SE Linux or is a whole other thing and another question maybe a sounding a little conspiracy but SE linux is made by the NSA can I trust SE linux and it not be a backdoor to my stuff
View 4 Replies View Relateddoes anyone know the best way to encrypt an entire HD with both Fedora and Windows 7 on it already? At the very least I would want to encrypt the Linux partition, as that has the most sensitive stuff on it.
View 10 Replies View RelatedI loaded Ubuntu desktop onto my flash drive with the USB Installer For Ubuntu from [url]
I'll be placing sensitive data on the drive & need to figure out how to encrypt it. From what i've read so far, the easiest way will be to encrypt the swap, /home, tmp, temp files. Not quite sure how to do this. I'd prefer to encrypt the whole drive, but this seems quite complicated.
I already have Ubuntu 9.10 on my system and don't want to have to reinstall all my programs after a clean install. I want to encrypt my hard drive so it will boot and ask for a password. Does anyone know if this is possible?
View 3 Replies View RelatedI'm using lucid desktop edition, and I need to encrypt my home folder, but I didn't mark that option in the fresh instalation of lucid. I'd like the login screen to ask for the password and then decrypt my files.Is it possible to do without erasing my user?
View 2 Replies View RelatedI'm looking for software to encrypt my entire S.O. It's something like nobody can erase the hard drive or can't trying to hack. I'm using Ubuntu Server x64.
View 1 Replies View RelatedI'm trying to think of the best way to encrypt a partition on my flash drive.
I plan on storing ssh/pgp keys on it for use on different computers (including school computers, where I won't have administrative access).
TrueCrypt is going to require admin access to decrypt and mount the partition, I think, so that's out.
Are there any other methods you all would recommend?
I know Pidgin store chat log in plain text or HTML format.Is there any plugin for pidgin to encrypt the chat log while logging it?Similar to Windows version of MSN Messenger free application called MSNPlus! that contains this feature to encrypt chat log.
View 2 Replies View RelatedI just found a neat way to encrypt a file in Ubuntu 10.04.
I right click on a file and select the Encrypt option. The program prompts me to "Choose Recipient" so I choose myself on the list. Then it prompts me to enter my passphrase.
Once all that's done I hit enter and it adds .pgp to the end of whatever file just encrypted. The same basic method is used to Sign the file.
Does it sound as though what I said is correct and that the file I wanted to encrypt was indeed encrypted?
Can anyone crack my files without the passphrase? I'm sure it depends on the complexity and length of the passphrase.
Is it better to use:
Code: -c aes-cbc-essiv -y -s 512 Or:
Code: -c aes-xts-plain -y -s 512
I've never encrypted a disk before; I'm following the Arch wiki (I'm a newbie, basically). Should I try and encrypt my swap partition (I've got 512 MB RAM, 1 GB swap)? Ideally, I'd like to make it so it's not feasible for someone (even a very skilled someone) to access my files (and system -- I'm encrypting /), but still make it fairly fast and usable for day-to-day operations. If it matters any, I'm using JFS.
I have a script that crond runs each night. The script pulls some sensitive files from an SFTP server and stores them in a folder on the local machine.I need to encrypt those files on the filesystem. Ideally, I could encrypt the folder they're stored in to require a password whenever the files are accessed. The problem is that then crond wouldn't be able to access the files. Using something like ecryptfs would allow the cron script to mount the encrypted storage by supplying the password, but now the keys to the kingdom are just sitting in a cron shell script.
Is there a good way to approach this? One thought I had was finding a tool that lets cron encrypt the files using a public key, then require a password to decrypt them (silently using the password to access the related private key)I don't want too much complexity on the decryption side, because I will have relatively non-tech people needing to access those files occasionally.
Is there any yum package out there that would enable me to encrypt single files/folders via the right click menu (the one with Open, broswer etc etc)
View 5 Replies View RelatedI have just installed Ubuntu Jaunty (I do not like Karmic, please don't try to make me upgrade) and after installing all my programs I realized I did not encrypt my home directory.
I know it's very simple to do this during the installation but I can't seem to find an option to do it after it.
Is there a way to do this?
Is there a way to encrypt your swap partition after installation?
View 3 Replies View RelatedI recently installed Ubuntu Linux and did not encrypt the home directory during the install. Now I want to encrypt my home directory, or even better the whole hard drive.
View 2 Replies View Related