Security :: Unlocked Port 22 On UFW - SSH Allowed
Jan 22, 2011
I had just got Arch up and running a couple weeks back, and I was following a random user's guide (previous Ubuntu user and newb to Linux in general)-- I think it may have been a mistake. When I was configuring my iptables/ufw, I'd added a rule to iptables allowing ssh to be used from anywhere (I think so anyhow); it came up as something along the lines of 'ALLOW: IN : ANYWHERE: ssh 22' in red font on gufw.
This had been open for about a few days, and I didn't realize the security risk until I learned what ssh is. So is it likely that my system is compromised and needs a full hard drive wipe? hosts.deny remained in its default state, so wouldn't that override the iptables configuration or no? Could my router have kept any potential threats out like it has before despite the rule?
View 4 Replies
ADVERTISEMENT
May 28, 2010
While reading some papers on securing apache with selinux, I have tried to bind httpd to port 3000 expecting to be blocked by the selinux, since port tcp 3000 isn't on the http_port_t list. However I was able to start the service...
I'm preety sure selinux is enforcing. Also, if I bind httpd to tcp 81 selinux denies the start of the service, as expected!Did I miss something? Why is httpd allowed to start binded to a port that's not explicitly allowed?
View 12 Replies
View Related
Jun 5, 2010
I'm using a local proxy server VPN'd to another network.
How do I setup either Firestarter or Gufw/ufw to ONLY allow in/out from ONE port? (The one port the proxy uses)
Ex: Firefox is proxied to 127.0.0.1, all ports, and then the proxy picks it up, and sends out on port xxxx, and recieves on port xxxx, then sends back thru 127.0.0.1, back to Firefox.
Any setting/rules I've treid on either Firestarter or Gufw kills the proxy>VPN (Proxy won't connect to remote network)
Addendum: If I start the proxy FIRST, then the firewall, all is good. I'm thinking the proxy uses a port to connect with remote network first, then switches to my configured xxxx port...hmmm
View 1 Replies
View Related
Sep 7, 2010
So I was testing to see what would happen if I tried to open a root shell in recovery mode, WITHOUT having first activated the root-user account (I only installed the system two days ago). I used my ordinary password and was expecting to see something like "Invalid password" or some such message. To my surprise, I got a root prompt. Thinking that this may just be how it works with recovery mode, I tried logging out of my X session and logging back in as root, thinking (or at least hoping) that it wouldn't work. But it did.
View 9 Replies
View Related
Aug 23, 2010
I want to check if a port is allowed in iptables. How to do this?
View 5 Replies
View Related
Mar 23, 2010
In the firewall, I opened port 5900 for TCP traffic. Now the console is displaying packet information whenever a connection is made. Why does it send a message to stdout/stderr for an allowed connection? How can I stop it? Logging level is set to critical only, and not-accepted packets should only be logged for the internal and DMZ zones.
View 1 Replies
View Related
Aug 10, 2010
Squid acl rules can be configured to allow specific ip's to get full access, or rather skips the blocked site list.
acl <tag> src x.x.x.x
http_access allow <tag>
http_access deny blocksites
From all the ways i tried, squid does not log these urls. Is there a way to have squid log the urls requested from allowed ip's?
Specs:
squid ver : (squid/2.6.STABLE21)
OS : CentOS 5.5
View 1 Replies
View Related
Feb 28, 2011
I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,
But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):
Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Why do firefox try to write to it and why do it fail even with #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why try firefox to access X lock?
View 4 Replies
View Related
May 22, 2011
I have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.
the rules file has the following lines
Code:
ACCEPT$FWnettcp60000:60035
ACCEPTnet$FWtcp60000:60035
ACCEPT$FWnetudp51413
ACCEPTnet$FWudp51413
[Code]...
as you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.
View 7 Replies
View Related
Nov 1, 2010
sudo ssh -L 750:192.168.123.103:873 username@192.168.123.103It does exactly what it's supposed to do, but how do i edit / remove this rule?Is there some config file where i can alter the forwarding? How does it get stored?Im using Ubuntu 10.10Server Edition (allthough i recon it would be pretty much the same across all versions
View 5 Replies
View Related
Apr 18, 2011
Is there any way to verify if packets being trafficked over a certain port are valid for the service you want to use this port for?
One obvious example that probably clarifies my question:
When I open port 443 (outgoing or incoming) for https/ssl traffic, I don't want this port to be used for say openvpn traffic.
Thus: when someone wants to surf to a website with https, it should be ok but if someone wants to connect to his home openvpn server over that same port, it should be blocked.
View 5 Replies
View Related
Apr 27, 2011
I'll explain this in one sentence: Is it possible to program a port-binding shellcode in which people across the Internet can connect to, without being thwarted by the router blocking their data because the port its bound to doesn't allow port-forwarding
View 2 Replies
View Related
Jul 29, 2011
I am using FF ver 5.0.1 from here After reading [URL] I did Code: sudo aa-logprof /path to firefox Allowed all when asked. But when I try to start FF in enforce mode I get
[Code]....
View 9 Replies
View Related
Nov 11, 2010
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
View 5 Replies
View Related
May 28, 2010
Problem: When my screen saver kicks in after idle timeout and I get back to my desktop the keyboard is unresponsive in already opened applications with text fields. This happens with and without the password required after screen saver is engaged. This doesn't happen all the time and seems to be transient. It happens at least once a day, but not often.
Workaround: The mouse is still usable, so I open a terminal and hit a few keystrokes. The keyboard is now responsive and I can go back to typing in the open applications that I previously had open prior to the screen saver being engaged.
View 1 Replies
View Related
Jun 24, 2011
I'm a bit worried about "too many mutexes" in my little curses-based app and would like to get confirmation/opinions that I'm doing this right. I've got an array: int nums[60] I've got 61 threads. 1-60 are doing math on the value in their array index (ie: thread1 increments nums[1], threadN increments nums[N]), then sleep(1) The 61st thread is my curses thread which does a for-loop over the array and prints out all the values to the screen, then sleep(1)
Right now, I've got 1 mutex which gets locked/unlocked each time one of the 60 threads needs to update its array-index with a new value, and the 61st thread locks the same mutex just before the for-loop beings reading the values and unlocks after ending the loop.
My questions:
A) Does the above seem OK? (I know it's ok, cause everything works right now but would like opinions on it)
B) Do I even need the mutexes since 1-60 only ever update their own index and 61 just reads?
C) If I do need the mutex protection, is there a better, more efficient way?
View 11 Replies
View Related
Oct 31, 2010
I have a script I would like to have automatically invoked every time the screen is unlocked. Does Ubuntu provide some support for users who wish to do this?
View 1 Replies
View Related
Nov 16, 2010
I have an Ubuntu desktop I have set it up to connect to my MSN Messenger account Each time I boot up I get a dialogue box saying "The login keyring did not get unlocked when you logged into your computer" with a space to type in my password This should NOT be asking for my password after I am into my account! I think this is a usability bug? How can I fix this?
View 5 Replies
View Related
Feb 24, 2011
Is there a way to see what time I unlocked the lock screen (by typing the password)?
View 5 Replies
View Related
Mar 9, 2010
I need disable usb port access in ubuntu9.10. how to disable usb port in ubuntu9.10
View 9 Replies
View Related
Apr 15, 2011
I have the default to deny all. The only rule I have in there is:
Code:
To Action From
-- ------ ----
[code]....
View 4 Replies
View Related
Apr 14, 2010
i am doing project on usb port on linux platform.i want to know hw detection of external devices happen when u plug it thrugh usb port.i want any code for this detection so i set permission for accesing that device.
View 2 Replies
View Related
Jun 10, 2010
Watching Logs and event reports,clearly something is trying to use my 40292 port.I tried to find out more about the Port, by temporary starting FireStarter.Unfortunately my search kept me stranded with the same question after 3 hours. Does anybody here knows any thing about that certain port usage?
View 5 Replies
View Related
Feb 4, 2010
Up to now I've been playing with Ubuntu whilst storing important data elsewhere for about 2 years. Now I'm ready to move to Ubuntu completely but want to address my security.I'm currently using a desktop and server behind a hardware firewall / Internet router. The router has DynDNS and forwards port 80 to the webserver and a port I picked at random to the desktop 22 for SSH with private keys. SSH passwords are disabled.
The first question is, is there a danger of running different security levels on the two machines? I don't care about the server, there is no data on it so I currently forward port 80 and am considering forwarding ports 631 (CUPS) and a port for LDAP. Will this effect my desktop (which has info I don't want to loose).The next question is whether port forwarding / hardware firewall is actually a safeguard against attack.
View 3 Replies
View Related
Apr 24, 2010
Tor open port 23 for telnet. Is this normal ?
View 3 Replies
View Related
May 13, 2010
I'm trying to SSH into my home computer from a remote location outside of my house's LAN and can't figure out remote port fowarding.
The guide here says to use the following:
Code:
I've tried connecting to my home computer through many combinations of the syntax listed above, read the man file, and looked online for help. But can't find out the proper syntax or a good guide that isn't written for Windows users using Putty.
Let's assume for the sake of simplicity that the public IP address of my home SSH server is 123.123.123.123, the private IP address of my home SSH server is 192.168.1.100, my home SSH port is 2222, and the SSH port at my current location is is 22. How would I write out the command?
Every time I try to connect I get a "connection times out" error.
View 9 Replies
View Related
Sep 5, 2010
I must be behind a firewall in this ubuntu 9.10 karmic. i need to access the Standard client TCP port. how to put a port into the firewall so that it is not blocked?
View 2 Replies
View Related
Feb 28, 2011
I've recently installed 10.10 server edition, and I must say it was a pleasant suprise, it's just the way I like it. I use it as a squeezebox-server. But I've run into a problem with the firewall. I did a portscan, which told me there are more ports open then I've told UFW to open. Among which port 25 and 119, when I telnet from another PC to those ports, the connection gets accepted, although there is no answer to any commands (as expected, there's no mail server running). Iptables print-outs also don't mention anything about the respective ports or a daemon that could be responsable, and the same applies to "ps -e" or "ps aux".
Iptables seems to be working, when I remove the rules to allow samba to work, I can't reach the shares, and when I insert them again I can reach the shares. "sudo ufw deny from any" as last rule doesn't change anything either (deny incoming is default (although I never issued the command "ufw status verbose" says it is) so it shouldn't, but ports 25 and 119 shouldn't be open either).
View 2 Replies
View Related
Apr 3, 2011
I am running a ubuntu server for home use and am currently hosting a website for testing urposes I am worried because I have to leave my port 80 open for this to work. an Idea I have is to make it that port 80 is read only.
View 9 Replies
View Related
Jul 17, 2010
I just installed Mandriva 2010 and set up the interactive firewall via the MLCC. I set it up not to allow any services to connect (didn't check any boxes). However, when I check my system using a port scanner (shields up at www.grc.com) it says that port 23 is open. Does anyone know why this would be and how I can close it When I look at the daemons running I notice that iptables and ip6tables are 'stopped' although shorewall is running - is this correct? I (perhaps wrongly) thought that iptables needed to be running in order for the firewall to work properly.
View 2 Replies
View Related
