Security :: Isolate File Access For Program?
Mar 12, 2011
it is possible to change the root directory for a single, particular program. For example, I have an executable, 'miscreant.bin', that has all of its required libraries in a directory named "libraries", in the same directory as the said executable. I can launch the program and make it use the libraries included with the executable rather than the system with:
Code:
/lib/ld-linux.so.2 --library-path ~/miscreant/libraries ~/miscreant/miscreant.bin
...or...
Code:
env LD_LIBRARY_PATH=~/miscreant/libraries ~/miscreant/miscreant.bin
With either, miscreant can be portable. But, I would also like to change the root directory (like chroot) of miscreant, so that the directory "~/miscreant/sandbox" becomes the root ("/"). So, if miscreant created a file named "/home/bryan/miscreant", it will be redirected to "~/miscreant/sandbox/home/bryan/miscreant". I am running Crunchbang 10 (Statler) on a 32-bit Atom netbook.
Sep 10, 2010
I'm not really a network security guy or anything. I'm setting up an FTP server on my LAN. I know how to install the software and how to set up my router but still have a couple of questions for an expert...
1. Which version of Ubuntu should I install? Server?
2. How can I isolate this machine from the others on the lan?
Sep 24, 2010
At school, the shop I work in has machines that run Windows XP and cannot be updated to the latest SP (consider these machines "B"). This means that they are quarantined whenever connected to the network. There are also workstations that we would like to be able to connect to "B" for the sole purpose of dropping a file into a directory. These machines we will call "A" and are considered trusted.
I have no control of the school's network. I have a spare PC with two NICs as well as a 5-port switch. My thought was to use the spare PC as a gateway/router/VPN and set up an isolated "network B" consisting of all the untrusted systems. Disallow all traffic other than the VPN connection. Connect via VPN from the 4ish trusted workstations "A" to network B. I could use MAC filtering (I think) to accomplish this and disallow any computer not specifically authorized, thereby isolating the untrusted computers completely.
Mar 27, 2010
I'm trying to isolate a number from a text file using sed. The text file looks like this:
-GARBAGE-GARBAGE-GARBAGE- Number of frames: 183933 frames Codec -GARBAGE-GARBAGE-GARBAGE-
I tried the following:
Code:
sed "s/^.*Number of frames: //g; s/ frames Codec.*$//g" "info.txt" > "frames.txt"
Strangely, it only seems to be stripping off the end, but not the beginning, like so:
-GARBAGE-GARBAGE-GARBAGE- Number of frames: 183933
I'm obviously not using the command correctly, so what am I doing wrong?
Feb 9, 2011
I'm running a program called Synergy+ to let my keyboard and mouse control multiple computers. One of Synergy+'s features is that clipboard (copy-paste) data is able to be shared, as in copy on one machine, paste onto another. I would like this functionality removed but Synergy+ has no way to disable it. I'm looking for any ideas to block clipboard data from being transferred. Is there a way to block a program from accessing the machine's clipboard data?
Jul 25, 2010
I wanted to know if there was a firewall program out there that can open specific ports when a program/process is run and disable the ports again when the program is closed.
Jan 18, 2011
There is this active connection in firestarter: ec2-174-129-193-12.compute-1.amazonaws.com (Port 443 - Service HTTPS - program python). After doing ps aux | grep PID it shows: /usr/bin/python /usr/lib/ubuntuone-client/ubuntuone-syncdaemon... This comes up in the firewall on each login. How do I get rid of it, and how did it get there in the first place? Another question is whether there is a way to limit a program's access to the internet. For example, KCalender. The things I type up in there may be stored somewhere. How can I completely disable access to the internet for that program and any other program so they can't back up, share, check, etc.?
Nov 11, 2010
I want to make a program to write the result of access to a file. I mean, for example, a user wants to open, delete or edit a file, but if he has no access to this file, something is written to a log file, so after that I can check which user got access denied when accessing which file. Or are there any tools available that can do this? Or is there any built-in access log file that records permission denied on files?
Jun 26, 2011
Looking for some help writing a simple script on my dapper server. I want the script to play a short 5 second wmv sound file, so I can tell another program to run the script. What player can or should I use, and how can I set permissions on the file and script so my program has access to it? Total newb here.
Apr 3, 2010
Is there a program that allows me to password lock a single file or folder?
Mar 3, 2010
I am setting up a new Ubuntu server, and I am quite new to Linux. This server will be used as a code repository for a project I am going to be working on. I plan to set up 3 groups for users: dev, test, doc - for various developers, testers and documentation users.
I would like to setup the following permissions on the main code repository directory:
dev - write permission
test - execute permission
doc - read permission
public (anyone outside these groups) - deny all access
I am unsure what chmod setting to use, or if this is even possible in ubuntu.
Dec 7, 2010
I would like to know if it is possible to deny access to a file for root. Would ACLs be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
Mar 24, 2011
I'm trying to find a file access honeypot for our Fedora server. That is, if a local file is accessed, it should notify someone. Plain and simple.
Oct 1, 2010
At our company we have a central server with client files. This server has an SSH server installed, and through Nautilus all employees can access the files. However, I have a few questions:
1. Most employees need access to all folders, because they might use them at some point in time. However, I want to make sure they are not accessing things they do not need. How can I do this? For instance, if somebody copies all of the folders to his/her computer, I want to be able to see this in some sort of log. Can this be done? Copying and accessing in general is what is of my concern.
2. Some employees only need access to specific folders. Can this be easily configured with SFTP?
3. Some also use SSH and type commands which I want to check every now and then (e.g. to make sure an intern is not again copying information or accessing folders they should not be in). What is a good way to do this?
Aug 4, 2010
When I replace a drive in a RAID 1 and then resync it, why does the file access date (all the files) on the drive from which I am syncing not change? Shouldn't the file access date always change when I copy a file? Are there ways to overgo this?
Jan 25, 2011
Is anyone aware of a detailed "flow chart" -- arrows and decision diamonds, etc. -- that describes the file access and permissions processing? I would love to see that diagram. Years ago on a platform far away (Digital VAX/VMS) their manuals had such a flow chart that covered not only the user-group-owner and read-write-execute permissions decision making but also included "access control list" processing at a superficial level. If someone has access to the VAX/VMS flow chart, that might be a start toward sorting out what Linux does.
Nov 9, 2010
This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in a USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
Feb 12, 2011
I have been trying to use my DS2490 USB to serial device with a Maxim .DG1921G thermocron with owfs. It is supposed to give me access to a virtual file system for the thermocron without needing to launch owfs as root.
Code:
/var/log/messages gives:
Feb 8 16:22:45 norman-HP-G56-Notebook-PC kernel: [ 236.140141] usb 5-1: new full speed USB device using ohci_hcd and address 2[code]....
but if the ds2490 module is loaded it works when run with sudo. It seems from this that it is a lack of permissions to USB, but I have tried all the methods at http://owfs.org/index.php?page=udev etc. to overcome this and a few others, but none work. I am running Ubuntu 10.10 kernel 2.6.35-22-generic #33-Ubuntu SMP
Jul 11, 2010
I have a comcast business network adapter that has a 4 port switch. It also handles nat 1 to 1 translation for static IPs (That's just how they do it, there is no other choice).
In port 1, I have a cat6 that brings traffic to and from my linux machines, allows me to vpn, ssh, a mail server, etc. Everything here is fine.
In port 2, I have a netgear router that is setup with a point to point VPN for a client.
Here are the issues:
1. Machines that are connected to the netgear vpn router/switch can access machines on my network - I don't want this.
2. I can't access the machines connected to his lan from my lan - I need this to administer his machines somehow. Even if I have to VPN to the concentrator and do it like that.
Here is the network structure.
Code:
Internet <-> 10.10.10.1 -> switch with 10.10.10.x machines
|
-> internal vpn IP 10.10.10.50
|
[Code]....
The external network for the VPN is 10.10.10.x and the internal is 10.10.20.x. So, a machine with IP 10.10.20.100 can get to 10.10.10.X and I don't want that. I'm guessing it's doing this because technically, I'm 'from the internet' on 10.10.10.x and the VPN machines are going 'out to the internet'. Is there a way to have this:
vpn -> gateway traffic only?
I have a cisco 1811w at my disposal if I need to use it; however, I'm all thumbs when it comes to cisco IOS and networking in general.
Apr 16, 2011
all the packages which I have installed which are in experimental but which can be downgraded or can be had from unstable. Is there such a way ?
Dec 5, 2010
How to isolate users from a group, i.e. accounting, and force them to change their password upon login?
Jul 15, 2011
I have used Awk in the past to isolate the file name from a given path... that is to say, I may have a list of files contained in list.txt. Can someone please post the Awk command that would do this? (I assume it will be very similar in form to the Awk command I showed above.) The point is, sometimes I may want to isolate the second directory, sometimes I may want to isolate the third directory or tenth or whatever - so I am hoping that if someone posts the Awk command to isolate the second level directory (to produce the output I showed in Fig.3) it should be fairly obvious by looking at the form of this command how to alter it and so isolate any other directory I want.
Oct 24, 2010
How to isolate my home files from the wine 'c' drive, i.e., why does the 'up' GUI connect the two?
Mar 8, 2011
How do I create a program file for a new program?
Jan 15, 2010
OK, so basically I have 2 questions.
1. I know how to create a file with C++ using but is there a way to save it to a specific location on your computer with Windows and Linux
Code:
2. I need to know how to run/execute/open a file in a C++ program. I'm using and it's not working
Code:
Oct 20, 2010
I need to implement operating system level virtualization to isolate an application on RHEL 5.5. Which tool of the following should I use for the implementation: Linux-VServer, lxc, OpenVZ or anything else?
Jan 20, 2011
I just followed the instructions on the winehq site to compile and install the wine 1.3 source but I can't get access to the program. Some help would be great.
Oct 1, 2010
I am developing a tool for freeing up unused RAM in Linux Ubuntu. I am looking for something through which I would be able to access the RAM of my PC using my C program. Is there any system call available? Or do I have to do programming at kernel level? (I mean, do I have to compile the whole kernel?)
Nov 14, 2010
I am pretty frustrated with Ubuntu security, partially because I don't know exactly how to fix things in it like I do in Windows, and you can't always use the GUI with Ubuntu, which is quite annoying. Basically, I created a Samba share. When I copy files from my Windows machine TO the Samba share the permissions are always screwed up. I can watch the videos but I can't delete them. I have to go into Nautilus? via F2, sudo something and change permissions every time I copy something into the shared folder. To me, this is stupid.
Another issue... I added a 2nd hard drive to my Ubuntu machine and shared the entire drive. Once again, when I copy files to the share I can only read them. I have to keep stealing ownership, so to speak, over the files. Now, when I want to CUT and PASTE from my Drive "C" Ubuntu to my Drive "D" I don't have access. Ugh... why can't there just be a way to make all files accessible?
Why should I have to pop into a different program to regain permissions every time? When I create a folder it should STAY that way. Anything I copy into it, it's MINE. Just because I copy from another machine onto THIS machine, I am still the creator of that folder. I SHOULD have access to EVERYTHING in it.
Apr 14, 2010
Is there any program/script that can create a torrent file for each file in a directory? I have been looking all over but can't seem to find anything of the sort. I have 700+ files I REALLY don't want to make myself.