Security :: Remove Access To MOST Of These SUID Binaries?
Mar 16, 2010
I say to remove access to MOST of these SUID binaries? Do they all need this power? What I want to do is minimize access just in case one of them gets an exploit (as I've already done for Apache suEXEC).
[Code]...
Jan 20, 2010
I've searched the forum, but nothing answers my question. We know the security risk posed by suid, sgid. I'm looking to remove the suid bits from all programs that do not absolutely need it.
This command:
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
gave the list below.
For which of these programs can I safely remove the suid bit? I don't want to break my system by modifying a program that the system needs.
-r-sr-xr-x 1 bin 502172 Jan 10 12:36 /usr/local/bin/dccproc
-r-sr-xr-x 1 bin 186683 Jan 10 12:36 /usr/local/bin/cdcc
-r-s--x--x 1 root 23980 Nov 17 00:27 /usr/lib/virtualbox/VBoxNetDHCP
-r-s--x--x 1 root 9896 Nov 17 00:27 /usr/lib/virtualbox/VBoxNetAdpCtl
-r-s--x--x 1 root 23976 Nov 17 00:27 /usr/lib/virtualbox/VBoxSDL
[Code]...
Jun 11, 2010
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
Oct 10, 2009
If I leave the computer running for a few minutes without doing anything on it, this screen appears demanding that I enter my password, otherwise I can't get back to Fedora. I understand the necessity for this security feature in a work environment, but I'm just a home user and this security screen is just a nagging problem I don't know how to get rid of.
Feb 3, 2010
I have just installed 9.10 netbook remix onto my Eeepc 901. I was previously using 9.4. Rather than clicking on shutdown icons, or going through shutdown menus, I added a keyboard shortcut to run a shell script containing the following code:
Code:
#!/bin/bash
init 0
Because init needs to be run as root to have the correct permissions, I set the owner and group to be root, ran chmod 711, then chmod u+s to prevent anyone altering the script, and to allow anyone to execute it with root privileges. Since updating to 9.10 netbook remix, I have been unable to get this to work. I have applied the above changes but get a "/bin/bash: /usr/bin/shutdownscript: permission denied" error when I try to run my shutdown script from the terminal (nothing happens when I press the key combination assigned to the keyboard shortcut). If I run the shutdown script with sudo then it neatly shuts down. ls reveals the following permissions: -rws--s--x 1 root root
So it appears as if SUID and SGID are both set, and the owner/group are correct, and the script works, and yet it doesn't have the permissions to work. I installed 9.4 long ago enough that I can't remember if I had to do anything else to get it working, or has something changed between 9.4 and 9.10?
Jun 8, 2010
I was wondering if it is possible to run a program such as Firefox or any other internet program as its own user (i.e. user firefox), but still in my desktop session. This way the program would have its own home folder and store all the data there, while I use it normally. I was trying to set the suid on the firefox binaries, but then it doesn't start at all.
Apr 26, 2010
What is suid or nosuid, and would it override the NFS server? I really don't know what this all means. What's the difference?
Feb 22, 2010
I have tried to configure an Enemy Territory server in a way that a common user could run it just by executing a command line. The first thing I did was writing a script like this:
/usr/local/games/enemy-territory/etded +set dedicated 1 +set net_port 27960 +set fs_game etpub +set fs_homepath /usr/local/games/enemy-territory/27960 +set sv_punkbuster 1 +set +exec server.cfg +set +exec punkbuster.cfg +set +exec bots.cfg
and then putting it in the /usr/local/bin directory. OK, things seemed to be fine, but then I realized that the program tries to write some config and log files. I noticed that because some warnings appear in the command line, like "Couldn't write etconfig.cfg", whenever I run the command as a normal user. On the other hand, if I give write permission to these files, all the warnings disappear.
But I don't think it is a good way, because someone could change these files by hand, which would not be good.
My last try was to set the suid of the script up, with the command chmod u+s /usr/local/bin/etded-server
But as I already knew that suid does not work well with shell scripts, I wrote a C source like this:
[Code]...
Jan 11, 2010
I have looked at a LOT of forum posts and other sites trying to solve this problem but I have had no luck. I've seen the following: [URL].. I have an entry in my fstab that lets root mount a samba share on a Windows Server 2003 machine and gives users full read/write access to the share. The fstab entry looks like:
Code:
//servername.net/share /mnt/share cifs rw,user,umask=000,username=someuser,noauto,file_mode=0777,dir_mode=0777 0 0
However, when a normal user tries to mount the share they get one of two errors:
1. If I have /sbin/mount.cifs set to 777
Code:
mount error(1): Operation not permitted
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
2. If I have /sbin/mount.cifs set to +s
Code:
mount error: permission denied or not superuser and mount.cifs not installed SUID
Does anyone have any suggestions as to how I would go about getting a user able to mount this samba share?
Jan 21, 2010
I am on the admin account of my computer and am trying to remove all privileges from CWD. I have tried
chmod go-rwx ~
sudo chmod go-rwx ~
but when I pull up
ls -l ~
It is still showing permission in the g and o column.
Sep 4, 2009
Is suid disabled from running all home made bash scripts or just from running them as root or:
Who would know for sure.
I googled several combinations of Mandriva Linux how-to suid disabled setUID etc... so far all I found was "many distributions are disabling suid for security reasons" nothing specific.
Jan 18, 2011
I have looked under applications as well as system for the add/remove but it is not there. How else can I find it or access it?
Jan 7, 2010
How can I remove authentication completely from my pc?
How can I edit the files present in the patrician filesystem?
Feb 28, 2010
Can a virus survive a reformat, running bootrec /fixmbr (both from the install CD), and then installing Ubuntu? Reformat meaning from the windows disk recovery console, using the format command for all partitions. Likewise, would a virus be capable of surviving just the first two steps alone without installing Ubuntu, just re-installing windows?
If one were to have an MBR virus on Windows or Linux, how abouts would you find or remove it without doing an entire disk wipe? And before someone goes "Linux is immune" take into consideration vulnerabilities on the user end.
Oct 12, 2010
How can I remove this string from all files? I am not sure how it got there.
PHP Code:
<?php /**/eval(base64_decode('')); ?>
I tried this but it did not work:
PHP Code:
find . -iname *.php* -exec sed -i 's/<?php /**/eval(base64_decode('')); ?> //g' {} \;
Jan 23, 2010
A JavaScript has crept into all my html, php files in my shared hosting account. I have SSH access. How can I use sed to remove that line from all files in a directory recursively? sed doesn't change the original file. And I need to specify *.php and *.html
Sep 10, 2009
I try to go to Add/Remove Software but it always shows this message. I didn't open any program.
Feb 24, 2009
I was trying to install Fedora 9 on my new laptop that came with Win XP. I selected the option to wipe out all partitions and create a default layout with the Encryption option selected. But that installation got stopped in the middle, therefore I started the installation again. This time it asked for the encryption password as expected but, I don't know why, it's not accepting my password. I am 100% sure that the password is correct but it is not allowing me to enter the hard disk partition section.
My question is, how do I remove encryption from my hard disk? I don't need to preserve the data, I just need to use my hard disk again. Is there any boot CD that allows us to format encrypted disks without prompting for a password?
Feb 8, 2010
I have an Ubuntu file server with a mix of 30+ users (mix of Windows and Linux). All are members of the same group. All need read, write, create access. I want to prevent deletion of certain key folders. How can I achieve this? sudo chmod -R nnnn ??
Apr 7, 2010
I found LKL on my computer. I need to remove it. It isn't showing up in synaptic and I can't figure out how to remove it. sudo apt-get remove lkl tells me this: E: Couldn't find package lkl. I can't find it with the search and with Google.
May 3, 2010
When I installed, I selected the option to encrypt my home folder. I believe this is causing constant crashes now, since error message is user id/password related. Is there a way to remove the encryption?
Jul 31, 2010
Is there any way to remove the whole disk encryption without reinstalling? I'm running Ubuntu 10.04.
Jul 10, 2011
I've installed Ubuntu via UNetbootin from USB on my child's computer. It comes by default with the sudo command which I find really annoying to work with. I'd rather have my su command.
Now, while googling for a removal instruction, I've read that the sudo command is tied to system functions on some Ubuntu live systems and can't be removed easily. Does anyone know if this applies to the 10.04 live version used by UNetbootin and how to work around this problem?
If not, is it simply enough to remove 'sudo' via the software center? I find many tutorials on how to switch from su to sudo but not much about the other way around.
Mar 19, 2010
Our client-accounts were recently injected with the following script and since there are too many files that were injected (only index.php and index.html) how this script can be traced with a search command and removed in all files found.
[Code].....
Mar 9, 2011
I'd like to ask a question on installing software.
I cannot install software using "yum" but I can with the GUI program "Add/Remove Software".
For example, I tried:
It will exhaust all the mirror sites without success.
All the error messages look like:
But I can install "screen.i686" easily from the "Add/Remove Software" GUI and it is very fast.
However, what's puzzling is that I could install some certain packages although I still see the same kind of error messages.
For example,
will work. But in general, "yum" is running very slowly and is rejected at every mirror site.
My settings: I just installed "Fedora 14" (Linux 2.6.35.11-83.fc14.i686) as a virtual machine (using VirtualBox) on a Windows XP (Professional, SP3) host on my laptop (CPU: Intel Core2 Duo), which accesses the internet through an HTTP proxy server since it is behind a corporate firewall.
Feb 15, 2011
Can't access to Install/Remove Software. I'm getting an error
Download failed:
File '/repodata/repomd.xml' not found on medium 'http://download.opensuse.org/repositories/server:/database:/postgresql:/9.0/openSUSE_11.3/'
History:
- [AbstractCommand.cc:224] URI=http://download.opensuse.org/repositories/server:/database:/postgresql:/9.0/openSUSE_11.3/repodata/repomd.xml
[Code].....
Is it something important or can I just remove it from the repository list?
May 15, 2010
I am running Ubuntu 64-bit and I downloaded a 32-bit binary. I tried to run it in the shell using ./file but zsh said that it did not exist. However it shows up in nautilus and ls. Is this supposed to happen?
May 24, 2010
After upgrading to Lucid I can compile but not run binaries from the console. I have build-essentials installed. When I try to run a compiled program I get this error:
bash: .: ./main: cannot execute binary file
Feb 22, 2011
I'm trying to debug why I cannot run any java on my RHEL 5 box. Right now I'm just trying to run an example .jar file I got from
[URL]
I'm not a java developer, just an end-user.
[xxxxx@xxxxx Desktop]$ cat /etc/redhat-release
Red Hat Enterprise Linux Client release 5.4 (Tikanga)
[xxxxx@xxxxx Desktop]$ uname -a
[code]....
Apr 13, 2010
Are there gcc and g++ binaries available for download anywhere? I can only seem to find sources, which I can't get to build (trying to upgrade to a newer compiler).