Security :: Pass A Key File To The Crypttab From An NFS Mounted Location?
Apr 12, 2011
I am implementing hard drive encryption. I wish to pass a key file to the crypttab from an NFS mounted location. But I could see that the disk encryption process starts very early during the booting process, before fstab is run. I could not find which script, in rc5.d, starts this service. And I am confused about how NFS mounts are performed from fstab, as the network service starts at a much later stage than when fstab is called to mount the local partitions/disks. In my case, I have to wait until the NFS is mounted and then call the /dev/mapper mount (in fstab) to mount the encrypted partition.
Feb 1, 2010
I just found that I could perform write operation using a normal user account to a file system I mounted with the commands as followed:
sudo mount -t ntfs /dev/sda1 /mnt/disk/
This is the corresponding entry in the output of "mount" command:
/dev/sda1 on /mnt/disk type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)
As far as I remember, when using a normal user account, I had to use "sudo" to perform any write operations (mkdir, rm, etc) to a device mounted using "sudo". But now it seems to be changed.
Do I remember wrong, or did Karmic have any updates change this setting? (I never manually changed user settings, except that I added a root user, but I never used it.)
OS: Karmic(up2dated)
Kernel: Linux stephen-laptop 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux
May 4, 2010
I'm setting up a server with Jaunty Jackalope version. I'm trying to test setting up a basic iptables rules... No matter which command I put in, it is failing on the first command when I run iptables-restore < file location (the first rule always fails). I'm doing this on the root user and first typing in the iptables rules in a test file. I've tried the first command starting with % sudo, iptables and -A. All have the same result. I've also tried letting the HTTP rule be first with the same result.
[Code]...
Jul 17, 2010
I have an external USB hard drive. It is a Buffalo drive. When it is mounted it appears in /Media/Buffalo. The problem is, every time I reboot my system it is mounted to a different location.
e.g. /Media/Buffalo_1
reboot again and it is mounted to /Media/Buffalo_2
The two previous mount points always remain present as empty directories. This is creating problems I need to do away with. I need to work out how to get this to mount to the same directory every time. In opensuse 11.2 with the automount option installed I did not have this problem. It has only appeared since the install of 11.3.
Feb 24, 2011
I want to back up some data on my Fedora box to an external Hard Disk (USB). I mounted the external HD on my box. I wrote a bash script to do that and I scheduled a cronjob to execute the script. When I am online the script executes as planned. However when I am logged out the copy does not work. I also tested this with a cifs mount (via fstab) and that does not work either. I set the script to generate some output at the end and that is OK so the script does run when I am offline. I suppose the mounted locations are not reachable while logged out, is that correct? Is there a workaround so I can reach the mounted locations while logged out?
Nov 17, 2010
Can we export a raw device through NFS/CIFS to be mounted at remote location?
Jun 24, 2010
My setup: Debian Squeeze; 4 physical partitions, 3 of those create 1 volume group, 13 logical volumes within that vg; 1 unencrypted (boot); all others encrypted including swap. As stated in the man crypttab: The order of records in crypttab is important because the init scripts sequentially iterate through crypttab doing their thing.
May 4, 2010
The wifi is not working for me. The scan detects the wifi signal but fails to connect. The wifi I have requires WEP authentication, even if I give the right passphrase it fails to connect. The problem is happening in SUSE 11.2 installed in HP dv7-3065dx laptop.
Apr 11, 2011
I'm using ssh key based authentication and I was pleased to find that when I set it up out of the box when I connected to my ssh server it prompted me with a password window rather than typing into the terminal and it remembered the pass phrase from one connection to the next.
For some reason it's stopped showing me the window, instead I'm logging in through the terminal, and it's stopped remembering my pass phrase between connections. Since I don't know what the program was called that gave me the login box it's rather hard to search for.
Nov 26, 2010
The iptables has every rule set correctly, the users in the subnet work great, but I have the following issue. Every user connects to a mysql running on the internet through the port 3306, the forward and masquerade do the job. Now I have a user on the outside, and he wants to connect to a mysql on a certain machine (not the gateway), prerouting rules solve my problems, but all the packages from the inside users now go to that certain machine. I would like something like: if the package passed through masquerade, don't pass through the prerouting rule, and if it comes from the outside (not a package that comes from a petition from the inside), pass through the prerouting rule.
Oct 29, 2014
Setting up a randomly passworded swap partition in Debian installer with the default settings (aes-xts-plain64 w/ AES-256 key strength) gives the following line in /etc/crypttab:
Code:
####_crypt /dev/#### /dev/urandom cipher=aes-xts-plain64,size=256,swap
However according to cryptsetup manpage when using XTS mode the key size must be doubled so in effect the 'size=256' parameter above is actually resulting in AES-128 strength, no? To get 256 bit key length the size option should be set to 512. Quote from cryptsetup manpage:
For XTS mode (a possible future default), use "aes-xts-plain" or better "aes-xts-plain64" as cipher specification and optionally set a key size of 512 bits with the -s option. Key size for XTS mode is twice that for other modes for the same security level.
Jul 3, 2010
I bought a mlb.tv to watch baseball games online and they have blackouts for local teams. I tried to use a SOCKS proxy to bypass the blackout, but for some reason they know my location because I'm getting the blackout. To check whether they were just checking for proxies, I tried to watch other games not in my area and I was able to watch them. I use this command on the ssh client "ssh -D 9090 user@domain.com" and I change the setting on my network. I do an IP lookup and the IP address is from the server location. I don't want you guys to tell me how to bypass, I just want to understand how they know my location.
Dec 24, 2010
If /tmp and /dev/shm partitions are mounted with the noexec flag then this prevents someone from executing something in those partitions.
Example:
You will get permission denied
However if you execute that same script like this:
Then the script gets executed which makes the noexec flag useless.
Is there any way to prevent this bug/vulnerability?
Dec 1, 2010
I installed Ubuntu 10.04 only be dismayed to find ${HOME}/bin FIRST IN THE PATH. I blogged about it at my blog (I sudo an xterm rather than just sudoing to get a different background for the sudo'd xterm): [url]
I agree that some new user should probably not be logging on as root. But if the replacement for 'ls' is in their ${HOME}/bin/ the sudo'd shell inherits the same PATH, umask, and everything else! In general I take a dim view of a sudo only way of doing things. It seems to cause more problems than it solves for disciplined, knowledgeable users. In the case of Ubuntu it caused me to create a /root folder for root to reset the umask back from 077 which is what I use over to 022 which is what root should use. The /root/.profile of course made sure there is no /home/me/bin in the sudo'd PATH. It didn't matter because somebody is not just SETTING the file perms and is instead calculating them based off of modifications to the umask. JUST SET THEM! I ran into a problem with GRUB getting things fouled up because I was having to remove the new kernels and instead of using the command line option (much preferable) used Synaptic Manager instead: [url]
In the case of an infection living in a user's file space you really should want to go in to clean it out as some other user than the user that is infected. Having said that the hackers seem to be going for the whole enchilada right off the bat. A WARNING is in order here. DO NOT USE A ROOT ACCOUNT OR SUDO FOR NORMAL TASKS! But please put ${HOME}/bin last in the PATH or preferably don't even put it in the PATH at all. Let users add it themselves if they want it. Also once hackers figure out that hijacking a sudo tty (from what I just read elsewhere here I would say several hackers are working on doing that right now - sendmail my ****) is a dandy way of doing things you really will need to provide for ways of cleaning a user infestation out by going at it some other way than through that infected user. A lot of Ubuntu users have only one login account, the one they created when they set the machine up.
Jan 22, 2010
I've got this in my Apache2 config (on a Ubuntu 9.10 server):
Code:
<VirtualHost _default_:443>
DocumentRoot /srv/svn
<Location /repos>
DAV svn
[Code]....
When I comment out the "allow from" line, I have no access to this server at all, but when "Allow from 127.0.0.1 172.23.120" is activated, I can also access that location from other IP's (I can even access it from the internet).
What I really want is access limited to the IP's in "Allow from" because I don't want anyone accessing our subversion repo's from anywhere else.
Jan 4, 2010
Quote:
alexander@osiris:~$ uname -a
Linux osiris 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux
I tried to change the sys_call_address to another location in memory. The result was an OOPS!
sys_call_address is of course not exported, so I found it using:
Quote:
grep sys_call_table /boot/System.map-2.6.31-14-generic
c0577150 R sys_call_table
My kernel prog looks like:
Code:
#include <linux/string.h>
#include <linux/smp_lock.h>
#include <linux/init.h>
#include <linux/module.h>
[Code].....
Mar 12, 2010
In case you have been wondering how some websites hide the exact location of a file on their filesystem, just thought I'd share it with the community at large in case someone else is looking for something like this. I take no responsibility for how it is used.
May 5, 2011
We have setup a separate partition to keep our audit files, but I am at a loss to figure out how to redirect the log files to be stored there instead of the default.
I am sure it is a simple matter but I have been unable to locate the information.
Feb 21, 2011
I've set up ssh passwordless logins using keygen etc. before so I know the routine.
The problem I'm currently having is setting passwordless logins when I don't have write permission to my "root" of the remote machine. More specifically the slice provided by a commercial web hosting provider. I can ssh and sftp just fine keying in the password manually but since I'm unable to create a .ssh directory in my "root" I'm unsuccessful in scripting logins. What I'm wondering is if the .ssh directory and associated security files can be placed in an alternate location such as the httpdocs directory and pass that location to ssh in a command line parameter.
Jun 9, 2011
I frequently use wget to download tarballs and zip files from the web, then either untar them or gunzip them. I do:
Is there a way for me to automatically pass the zip file to tar or unzip WHILE wget-ting?
In pseudocode: wget google.com/somfile.zip && unzip
Apr 6, 2010
I have an ntfs partition that I wish to access as a normal user(non-root). For this I did the following. As root I created a folder /windows and did a chmod 777 -R on /windows. Then I added the following line to /etc/fstab
Code:
/dev/sda3 /windows ntfs-3g defaults,nosuid,nodev,umask=000 1 0
Now, the partition is mounted alright but the problem is that when any other user (non-root) creates a file in /windows (say by executing touch newfile) the newly created file has the owner and group set as root. The non-root user can create the file and he can also delete the file, however, he cannot change the permissions of the file and also the owner:group is always set as root:root. How do I get across this problem, i.e. how do I mount a partition, so that a non-root user can also change the permissions and ownerships of the files he creates?
Sep 20, 2010
Hello everyone, I'm really confused by the ways an encrypted partition gets mounted. It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition". Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.
The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
Jun 25, 2010
I have access to a backup server via rsync protocol (only rsync, nothing else). Now, I want to fetch a file from there (which is .tar.gz) and pass it directly to the tar command, without saving the archive in the local filesystem. To visualize, with ssh access I could:
ssh remote_host cat backup.file.tar.gz | tar xzf -
And I will get the uncompressed backup locally, without actually storing the .tar.gz on the local machine. Is it possible to achieve this when using rsync?
Apr 20, 2010
I have a problem passing a file descriptor from one process to another.
I have two processes A and B. Both are running in different network and
filesystem namespaces, so it is impossible to use unix domain sockets or
net sockets to pass a file descriptor from process A to process B.
The usage of STREAMS is also impossible, as you can see in
fixunix.com/unix/84093-streams-pipes-ioctl-i_sendfd.html
[quotation begin]
Linux doesn't have STREAMS, which are the System V way
of doing this task. ...
[quotation end]
Are there additional possibilities for file descriptor passing like
using named pipes or something like that or does anybody know
a good workaround for this problem ?
Jul 16, 2011
I am calling a URL from a shell script and passing a few arguments. Here I have to pass file content as one argument. How can I pass file content through the URL?
eg:
content=`cat /Users/test1.txt`
open http://localhost:8080?filecontent=$content
[code],...
Apr 19, 2010
I am attempting to write my first ever script from scratch and making some progress.
My first shell script file executes a list of commands contained in a second file. I need to pass a parameter to this command file. How do I do this?
Nov 13, 2010
I have a huge binary log file. There are, let's say, 4 id's that I want to find in a log file. I know that those 4 id's will be present in the log file and I also know in what order they will be present. I want to find the 1st id from the log, then the 2nd id, then the third id and so on.
Simple/inefficient solution is: Loop through the id's and then grep in the log file. Problem with this solution is for each id grep will search from the beginning of the file.
Better/efficient solution would be: Since I know the order in which id's will be present in the log file, loop through id's, grep 1st id and then move on to grep 2nd id and so on... this way I can grep all id's in one pass. Is this solution possible?
I have 500000 + values to find in log files and I have to find efficient solution for it.
Jan 4, 2011
Is it possible to forbid a non-root to umount a partition that was mounted via fstab-entry?
Feb 2, 2011
I have a Python script that I run which needs to execute under a special environment, so I would run the program like so from my working directory (~/project/src):
python manage.py shell
This opens up an interactive shell for me to start typing my own commands. I have another set of administrative activities that I would like to house in another directory (~/project/admin). The manage.py is really finicky about running from the working directory. So, to make this whole thing work, I made a script which starts off like so:
#!/usr/bin/python ../src/manage.py shell
There are a couple problems with this. The first is that it doesn't work:
/usr/bin/python: can't open file '"/../src/manage.py" shell': [Errno 2] No such file or directory
How do you specify multiple parameters to the interpreter? How do I change the working directory?
May 2, 2010
I am looking for a clue in shell or ant script, where I execute a binary file on linux. For example ./myfile.bin which asks me a few questions.
./myfile.bin ...........................100%
I would like to automate this process where I want to pass the hostname as a variable or read from a file. Is it possible? If yes, any samples on this? I can do it if this was a shell script ($1) but not sure when it's binary.