Security :: Write A Shell Script Setup Security Policies?

Feb 3, 2010

Is there a way to delete files on the commandline that uses the KDE-Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)

View 9 Replies



Security :: Write A Shell Script Setup Policies?

Apr 14, 2011

Write a shell script setup linux security policies include:

1. password policy
2. User policy
3. firewall

Note: Create a file.sh from 1 to 3. purposes:

If (1) successful then 2 If (2) successful then 3 End

View 3 Replies View Related

Programming :: Write A Shell Script To Set Security Policies?

Apr 13, 2011

I don't know how to write a shell script to set security policies for Linux to start. and how. I know that there are many security policies for Linux but do not know which one best suited to write a shell script.

View 5 Replies View Related

Security :: Iptables Policies And Log Not Working?

Apr 12, 2009

I am facing a problem when I tried to set policies on the firewall with following commands:

iptables -A INPUT -p TCP -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p UDP -s 0/0 --dport 53 -j ACCEPT
iptables -A INPUT -p TCP -s 0/0 -j REJECT

[code]....

Here, I want to deny all traffic except DNS traffic, it should be permitted. I tried to log the traffic but I did not find any update in /var/log/messages.

View 4 Replies View Related

Ubuntu Security :: 10.04 - Corporate UCM And Password Policies

Sep 27, 2010

I am currently reviewing what it means to switch over to Ubuntu and I have the following scenario. If I was to switch all the Windows servers over to an Ubuntu solution. I already understand that file servers/mail servers and resources can be provided Ubuntu 10.04. The issue comes with the user accounts access and control. In a Windows environment, I have a domain with sub domain sites. I am able to control passwords in each site separately through Active Directory. I need the instructions on how to setup an LDAP server so that I can control access rights to different services located on different servers.

Example 1.
I have 5 mail servers and on the HR side, I have 2 email administrators. I wish to provide them access to only the relevant resources centrally. With out having to add users to different users repeatedly. For example, if I wanted to grant the two administrators access to all five servers. As I understand it, I would have to create the same user on every server and add a public key on every server, as well as set the administration rights for that user on each server individually.

I want to be capable of doing this like I am in a Windows environment from some sort of domain controller equivalent. Things that I must be able to do, manage users public keys on each server centrally. Add and remove user's access to each server centrally. Finite control on what each user can do on each server. (i.e., add them to the sudo group or any other group for specific servers/server class I specify). To a lesser extent of requirement, I also need to be able to inform users they have to change their password every 3 months from when they change it. As well as enforce password rules, such as characters complication.

View 3 Replies View Related

Ubuntu Security :: Business Espionage Dressed Up As ISP "Privacy" Policies?

Dec 2, 2010

A US ISP's "privacy" policy basically states that they will collect any and all of your data (email, posts, surfing etc.) and then "share" it. direct me to a "checklist" which can suggest counter measures for non-geeks? How can we function if we can't trust our ISP? Are there some specific 'tricks' in Ubuntu to foil rogue ISPs? If yes, it would be a great 'selling point', especially for professionals concerned that rogue ISPs could "share" their intellectual property.

View 9 Replies View Related

Fedora Security :: Cryptset - Can't Read Or Write

Jul 28, 2011

So I have just set up my cryptsetup. I can open/mount it by either "cryptsetup luksOpen" or just clicking on the partition from the "Places" tab and it will ask me for a password and all.

The only problem is that I can't read or write to it at all. Everything is probably root, which isn't useful to me.

So how can I change it so that when I do either of those 2 methods for opening it, I can just fully use it, read and write and everything? As my user.

View 1 Replies View Related

Ubuntu Security :: Can To Write Block All But NOT Rule For UFW?

Jul 23, 2011

For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678. Is it possible to do this? How would I write the argument?

View 3 Replies View Related

Security :: Group Can Read, Write, But Not Delete?

Oct 14, 2010

Long time reader, first time poster. I've got, what has become to me, a brain bender. It seems ACL's are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each others' files, but should not be able to delete anyone else's files in a directory. chmod -1777? setfacl?

View 2 Replies View Related

Security :: SELinux Module To Allow Snmpd To Write To /tmp?

Aug 11, 2010

I am using the "extend" function of snmpd to run a script in order to extend a monitoring platform. This script being run by snmpd needs to write to a file in /tmp for later parsing, but SELinux is stopping it from writing to the file under /tmp. The following two lines from my audit.log file show what is happening:

Code:
type=AVC msg=audit(1281516573.123:18422): avc: denied { write } for pid=6933 comm="test2.sh" name="tmp" dev=dm-0 ino=1474561 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

[Code]..

View 8 Replies View Related

Security :: Vsftpd Anonymous Write To Anon_root?

Mar 24, 2011

Obviously it's at least difficult but I'm interested in knowing if it's theoretically possible to allow anonymous users of vsftpd to upload to the same directory that anon_root is set to. If it's not then it's no big deal, I'm just trying to get a sense of the range of possibilities.

View 1 Replies View Related

Ubuntu Security :: Wordpress Permission To Write To Files?

Nov 9, 2010

I am having difficulties assigning permission for wordpress to write files. I am having problems with the permalink within wordpress and I think it might be because of the level of permission wordpress has. Currently on my system I need to set permission to 777 in order for wordpress to write to the .htaccess file.

I am running my website on a Ubuntu machine. Version 10.10 Apache2 2.2.4

However, when I leave the permission level set to 777 I still cannot get the permalink to point to the correct page... See my discussion on this here. [URL]

I think what I need to do is change wordpress to use a user permission or a group permission and not "everyone". I would rather have wordpress setup to login as a specific user before it can write over a file.

View 5 Replies View Related

Security :: Write A Script To Manage Daily Backup On A USB HDD?

Aug 13, 2010

I am about to write a script to manage daily backup on a USB HDD. The server that holds the data works 24 hours a day and therefore, is seldom rebooted. I have 2 options :

OPT 1 : I mount the usb drive once and for all, and copy the data to it when I need to (twice a day, no more) and never unmount it. Except when the server is rebooted of course.

and OPT 2 : I mount the drive, copy the data and unmount it ASAP twice a day when the time has come to backup the data.

View 2 Replies View Related

Security :: When To Give Write Access To Folders On A Web Server

Feb 3, 2011

on the following link [URL] section 2 says

Quote:

The following directories need to be readable, writeable and executable for everyone:

* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/

[Code].....

I am not at all convinced by the idea of giving permissions to read, write and execute as these Learning Management Systems say. Let me know what you people have to say? What is the best practise in such situations? I have to get all these LMS run on same web server.

View 2 Replies View Related

Security :: How To Encrypt Shell Scripts

Apr 1, 2010

We have some script files on our Linux servers. For security purposes our requirement is to keep these files encrypted. I mean when we open the files they will look like, for example, the encrypted file from our server that I am showing you. How can I do this?

One encrypted file from our server:-

[utibaadm@AIRTELVTUD2_UVAS01server_monitoring]$cat SOUTH_DTH_MONITOR.sh
#!/bin/sh
skip=14
tmpdir=`/bin/mktemp -d ${TMPDIR:-/tmp}/gzexe.XXXXXXXXXX` || exit 1
prog="${tmpdir}/`echo "$0" | sed 's|^.*/||'`"

[Code].....

View 3 Replies View Related

Ubuntu Security :: Write Permission To Mounted File System?

Feb 1, 2010

I just found that I could perform write operation using a normal user account to a file system I mounted with the commands as followed:

sudo mount -t ntfs /dev/sda1 /mnt/disk/

This is the corresponding entry in the output of "mount" command:
/dev/sda1 on /mnt/disk type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)

As far as I remember, when using a normal user account, I had to use "sudo" to perform any write operations (mkdir, rm, etc) to a device mounted using "sudo". But now it seems to be changed.

Do I remember wrong, or did Karmic have any updates change this setting? (I never manually changed user settings, except that I added a root user, but I never used it.)

OS: Karmic(up2dated)
Kernel: Linux stephen-laptop 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux

View 4 Replies View Related

Ubuntu Security :: Write Allowed Even AppArmor Forced In Firefox

Feb 28, 2011

I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,

But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):

Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

Why do firefox try to write to it and why do it fail even with #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why try firefox to access X lock?

View 4 Replies View Related

Ubuntu Security :: Read/write Access To MP3 Files In /usr/Music?

May 2, 2011

I had to reinstall Ubuntu (Natty) on a brand new computer and while installing I set up the data partition to be mounted in /usr but now I can't have access to files I put in there even if I set up the group/user permission! I can access /usr/Music but all files are locked.

View 5 Replies View Related

Security :: Remove Read/write/execute Permission From Directories In '/' For 'others' ?

May 4, 2010

I was running '# ls -l' in '/' directory and I noticed all directories in '/' have the following permission 'drwxr-xr-x' [except root's home which is 'drwx------' (after I changed it from 'drwxr-xr-x')]

I don't want all the users (except root) to be able to read and execute (in) any directory, I just want every user to be able to read/write/execute only in his/her home directory.

My question is, is it ok to change file and directory permissions of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?

/bin
/boot
/dev
/etc

[Code]....

-I and the other users use the pc for internet, open office and email mainly.

-It does not run server(s) like smb/cif or NFS.

-There are 5 usernames (created by me, none of them are superusers) in the pc, only one user is required to login at any one time.

View 3 Replies View Related

Security :: Write A Specific Rule To Check For Spoofed Packets?

Apr 21, 2010

Just wanted input for this script I have cobbled together. It's not done yet. I am trying to think of ways to close up my outgoing while maintaining full functionality of my laptop (irc, web stuff, a torrent or two, etc.). Anyways, I have done some myself; as well as, pulling bits and pieces from other stuff out on the web. I am starting to wonder why I have to write a specific rule to check for spoofed packets if my default input is set to drop. Wouldn't it be caught?

Code:
#!/bin/bash
### Laptop + Desktop: No Forwarding firewall ip4 / ip6
### Distro > Debian / Ubuntu.
### oliverteasley@gmail.com

[Code]....

View 12 Replies View Related

Security :: How To Write Iptables Rules To Control Drop All Connection

Feb 23, 2010

I have set up my Linux Fedora server and I want to restrict access to my server. Basically I control using iptables. I'm not sure how to write an iptables rule to drop all connections to port 8080 and allow only certain IPs to access the instance on port 8080, for example ip=10.254.14.16,192.168.1.10.

View 3 Replies View Related

Security :: Write Secure Code For Bash Scripts In General?

Feb 9, 2010

How to write secure code for bash scripts in general? Strangely I didn't find anything in Google and in the forum so far. If someone here is willing to review a bash script for me (about 600 lines).

View 6 Replies View Related

Ubuntu Security :: Testing Shell Codes In 10.10

Feb 9, 2011

I am learning exploit development and learning some stuff about shellcodes now! The shellcode is absolutely right and have tested it. I am using the following code...(created by me) to run my shellcode..

Code:
// #include<stdio.h> we will not be needing this as we are not using any functions from the C library...Just basic logic of Pointers..
char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80"; // basic exit shellcode
int main()
{ int *ret; // a simple integer pointer pointing a address
ret = (int *)&ret + 2; // change the address pointed by
(*ret) = (int)shellcode; }

Compiling :-
Code:
aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector
Compiling gives no errors as expected..

Now the problem I am facing is that As I run the program :-
Code:
aneesh@aneesh-laptop:~/articles/C$ ./test
Segmentation fault

Strace output :-
Code:
aneesh@aneesh-laptop:~/articles/C$ strace ./test
execve("./test", ["./test"], [/* 37 vars */]) = 0 .....
set_thread_area({entry_number:-1 -> 6, base_addr:0xb78016c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xf5e000, 8192, PROT_READ) = 0
mprotect(0x8049000, 4096, PROT_READ) = 0
mprotect(0x15c000, 4096, PROT_READ) = 0
munmap(0xb7802000, 81274) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault

I have some feeling that it's because the program has no access to the memory containing the shellcode (May be???)..

View 2 Replies View Related

Ubuntu Security :: How To Add User Password In Shell Script

Mar 17, 2010

I'm currently creating a simple sh file which will copy the contents of a certain directory to / directory. in my sh file:

Code:

cd "$DIR"
for i in *.*; do
sudo cp -iv "$i" "$DEST"
done

But this requires user password. Can I add the user password in my sh file? How? I'm trying to do this because I have an application to run the sh file and the application has no way to enter the password..

View 9 Replies View Related

Ubuntu Security :: Running Shell Commands From Apache

Jun 3, 2011

Ok, so I have a few web apps that need to run shell commands. Here's a great example of one:

Code:

This is a PHP script getting my system volume. Herein lies the problem... www-data doesn't have permission to do this!

I changed my apache config to use MY account as the web user, and it does in fact work the way I want it to.

Obviously, I don't want to leave apache running as me, and want it to keep using www-data.... Here's my question... how can I give permission for www-data to execute certain programs?

View 3 Replies View Related

Ubuntu Security :: Advance User Setting Shell

Jun 22, 2011

As I was researching on how to create a kiosk Ubuntu setting I came upon a suggestion to create the user with '/usr/bin/screen' shell option. Hope you all would forgive me for this noob question but what does this mean? I saw when I checked the Advance Settings Advance tab that there are a couple of possible options there, what do they mean and how will they affect the user profile I'm creating? I tried Google for this and if my understanding is correct, these shells are supposed to be programmable and a scripting language for Linux but I'm confused on what effect this has on the user profile I'm creating? One thing I notice though is that with the '/usr/bin/screen' option, the user account is refused of the Applications > Accessories > Terminal option. When I googled each one of the options I'm getting more confused as to the relevance of this to the user profile.

View 3 Replies View Related

Security :: Shell Login Tripwire - Optimal Place?

Jul 11, 2010

I have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:

- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?

- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?

- Would that be enough? Can I make that whole idea more secure in any way?

View 11 Replies View Related

Fedora Security :: Python Library For MLS - Write A Program To Change Range For Users?

Apr 16, 2010

I need to write a program (prefer Python) to change range for users. Does anyone know some library which can help me to do that? Maybe someone has written a program like that?

View 5 Replies View Related

Security :: Fork Bombs Can Also Very Easily Be Standalone Shell Scripts?

Dec 12, 2010

Fork bombs can also very easily be standalone shell scripts? https://bugs.launchpad.net/ubuntu/+s...sh/+bug/689176

View 4 Replies View Related

Fedora Security :: How To Do Setup Firewall

Jul 22, 2009

Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall. It's been "recommended" that iptables itself be used. Where do the rules go (as in a file) and how do I call those rules at startup?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved