there are some configuration files where linux require the password of application user, to do something.how can i to encrypt the password in these files? Or how can i to store that password in encrypted file and retrieve it in secure mode?
View 2 RepliesIs it possible to have the passwd file for svnserve encrypted, rather than store the usernames/passwords in plain text?
View 3 Replies View RelatedI've created encryption systems on servers, but nearly always I have stored the password somewhere on the machine itself. The file is always 0600 to the relevant user, but a systematic analysis of my system could easily find the scripts that invoke decryption and discover the password. (The most blatant example of this is mounting SMB shares with the "-o credential_file" option where both the username and password are plain-text. In the cases where I've used this, the security of the share hasn't particularly mattered.)
Soon I might be faced with storing "patient health information" (PHI in the healthcare world) whose privacy is heavily regulated by the provisions of the US law called HIPAA. I've been thinking about creating an encrypted partition to hold the PHI, but I need a highly fault-tolerant method for obtaining the key from a different machine than tha server itself. At first, I thought about running a script using scp and shared keys to copy the key from the remote, use it to decrypt the partition, then erase it. I'd like to be able to do this with a pipe; otherwise I'll write the key in a non-persistent location like /dev/shm.
I need more than one machine to make this work to ensure I can obtain the key when needed (like at boot). One solution is to place copies of the key on multiple servers and try each of them until I find it. A more elegant solution would place the key in a DNS TXT record. I suspect I could use LDAP for this as well, but OpenLDAP and I have never really been on speaking terms. So does this make sense? I presume I can write a bash script to do all this at boot. Most of what will be stored in this partition is the PostgreSQL database in /var/lib/pgsql and perhaps some other files.
My understanding of encrypted file systems is that they are only encrypted when unmounted. When mounted they must be as visible to the operating system as an unencrypted partition. I suppose you could apply encryption to every single disk transaction, but that would require knowing the key all the time, and would seem to add a lot of overhead.
I have implemented a web application on Linux that I want to deploy and sell to customers. I want to sell ready systems including the hardware. The application is written in PHP/MySQL. What I am searching to achieve is :
1) Find a way so that filesystem and partitions to be encrypted but without the need to insert some code when rebooting. So that if someone gets out the hard disks and attach to another system, cannot have any access to my files or settings. And of course when rebooting (e.g. after a power failure) encryption to be applied automatically.
2) I know that there are ways to bypass root password on a Linux system. Can all these ways be unassigned ? I want the only way to have access to system, to be by using the root password and nothing else.
I have thought of using a virtual server instead of a physical one (like deploying a virtualbox server) but still would like this to be the most secure possible including not only remote but also local access to system.
I'm using a command in Linux which generates an eight character random password. the problem is when i execute the command, the generated password have shown and isn't store anywhere i can use.How can I store this password into a file or pipe the command to save the password into desired file directly?
[code]...
I started to work on building a ftp by vsftpd in our lab (that's only for our lab members). I am going to setup some the virtual users for each of the member. We have a CentOS5 (without upgrade after the fresh installation). I try several ways to setup the vsftpd for virtual users. 1) with db4 2) with mysql 3) without database and use htpasswd. But all fails. Actually, I don't want to use database, so I am going to find out the reason of failure on 'htpasswd' method
My vsftpd is installed in /etc/vsftpd (for only using ftp account, it is no problem to login).
1) I setup an account called vftpuser and build the corresponding home (/home/vftpuser), and then I setup another account call usera and also create a directory within /home/vftpuser.
2) I use htpasswd to add passwd to usera and store the passwd in /etc/vsftpd/passwd.
3) I added the name of usera to /etc/vsftpd/user_list
4) I create a directory /etc/vsftpd/user to store a unique conf for each user (for usera, the conf named usera) which contains the local root for users, which is
[Code]....
I have forgot the root password of opensuse server. How could I retrieve it.
View 3 Replies View RelatedSo in an environment where I have 40+ sets of completely unique sets of logon credentials. The only way I've been able to manage this is by keeping them in a hidden and heavily encrypted text file in my home dir.Would like to hear alternatives to this approach if there are any, BTW. Right now I have a script that automates the process of un-encrypting the file, launching an editor and then clean-up with shred -u after editing and re-encrypting.
What bugs me is the interim where I have the file in an un-encrypted state on my drive. It doesn't seem necessary. I have a view script that allows me to see what's in the file without saving it to the drive.
I am looking for a program to help me store, organise and retrieve information. The aim would be to keep notes from literature, concepts and ideas which i come across during my studies. It's always a hassle to retrieve this information when i have to write a paper for instance. So in fact what i need is a sort of wikipedia-like program where information is searchable and where perhaps hyperlinks could lead me from one word/note to another.
View 2 Replies View RelatedI just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
Quote:
kernel /vmlinuz-2.6.38.6-26.rc1.fc15.i686.PAE ro root=/dev/mapper/vg_anonymous-lv_root rd_LUKS_UUID=luks-3ef72221-1165-46a6-ab69-3932e22e9d4f rd_LVM_LV=vg_anonymous/lv_root rd_LVM_LV=vg_anonymous/lv_swap rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=de
initrd /initramfs-2.6.38.6-26.rc1.fc15.i686.PAE.img
[Code]....
Im using opennms network configuration backup server called 'RANCID'.It run on top of RHEL5 system and using APache. Here's the link which i'm accessing [URL] But any one can access this URL and obtain my configuration files
I want to secure this using a logon page.allow login Only for the successful authentications by entering the predefined username and password But after get authenticate book marking the above URL still can access anyone since it didnt prompt username and password again In eachtime executing the above url it should direct to authenticate page
I remember that some time ago I found a guide on the Ubuntu website about adding samba shares to mount at boot via /etc/fstab. The guide also mentioned using a credentials file to store the username and password.
However, the password was encrypted (in md5 I think) and it could not be read directly, but it still worked with fstab mount. If I remember correctly, the file contents were similar to this:
Code:
useraname = user
password = --md5
where was replaced by the encoded password. All was done in terminal. Recently I changed computers, and re-installed Ubuntu, but I forgot to save that file so I am not sure about the contents. I would like to know how to do this again, but I can't find the guide anymore. Does anyone know how to do this? Storing the password in plain text in file readable only by root is not acceptable because it can be read by someone mounting the drive from other operating system, and the share cannot be mounted/unmounted by regular users (which is possible with the md5 encrypted password).
I would like to grep all values other than encrypted password from /etc/shadow fileFor example,each line consists of 8 fields separated with :/The only thing that I want not to print out is the contents between first : and second : (encrypted password)
View 7 Replies View RelatedThere was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
I've got 4 identical 1 TB drives and would like to use them in a software RAID configuration on my home server. I'm running Debian Linux using 'mdadm' utility to manage the software RAID. I don't know how much I've read is fact or dated or even false so I decided I would ask here to get help from people who know more about this than I do. This is essentially just a file server machine to store all my data so being that I've got four identical SATA hard drives, I was thinking about doing RAID level 5. I guess I'll start here and ask if that is the recommended level of RAID. I think RAID level 5 will be fine for my general server usage. My second issue is partitioning the four individual drives to get maximum performance / space from them. Basically just asking here how would you or you recommend I partition the drives? I was thinking about doing three seperate partitions per drive:
/dev/sda1 = 4 GB (swap)/dev/sda2 = 1 GB (/boot)/dev/sda3 = 995 GB (/)Now from that partition schema above, obviously all the types will be 'fd' for RAID and the partition for /boot is going to be bootable. My confusion is that I read Grub doesn't support booting from RAID 5 since Grub can't handle disk assembly. If /dev/sdx2 (sda2, sdb2, sdc2, sdd2) are partitioned for /boot (bootable), how would you guys configure this RAID to match up equally? I don't think I do a RAID level 1 on 4 identical partitions, right?
I keep my bank account numbers and passwords in a kwallet file. I would like to buy some external usb flash disk as a backup to keep the file inside. if there is an encrypted way in linux to store the data inthere?
For example: Buy a stick that encrypts the data Encrypt the data by using some filesystem. Does this work on every usb stick?
my /var/log/secure file is not getting updated with ssh logins from yesterday.Even the login from my own ip is not updated.
View 2 Replies View RelatedI am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
if connecting to my server for file transfer using gFtp is secure. I told gFtp to connect to the server using SSH2 and it works. It says it uses this command "ssh -e none -l wordpress -p 1883 IPADDRESS -s sftp." Is this more or less secure then using ftpes or ftps? What I thought was weird was that I could shutdown vsftpd and still connect. Does SSH2 SFTP use its own ftp server?
View 4 Replies View RelatedI've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies View RelatedDoes it really matter if you use bit-torrent to get the iso image? Or is that a bit risky? Would using IPv6 to download.
View 9 Replies View RelatedI'm trying to find a secure way to backup files on my Prod Server to Backup Server. It must be automated, so I will need to run a command with cron which will login to Prod Server from Backup Server and backup data. 1. Do you think it would be secure enough to do this by creating an passwordless RSA private key on Backup Server and adding it's public key to authorized_hosts file on Prod Server? I can't think of a way to Automate this without having to enter any passwords without passwordless RSA key. Is there another. more secure way? 2. Should I create a special user for backup, which will only have read access to all files in the directory that I am backing up? If so, How can I run a check that this new backup user indeed has read access to ALL files in the folder that I intent to back up? How can I ensure the backup process will not skip files due to some permission problem? 3. I'm thinking of using rsnapshot tool, which uses rsync.
View 10 Replies View RelatedI need a webserver (LAMP) running inside a virtual machine (#1) running as a service (#2) in headless mode (#3) with part or the whole file system encrypted (#4).The virtual machine will be started with no user intervention and provide access to a web application for users in the host machine. Points #1,#2 and #3 are checked and proved to be working fine with Sun VirtualBox, so my question is for #4:Can I encrypt all of the file system and still access the webserver (using a browser) or will GRUB ask me for a password?If encrypting all of the file system is not an option, can I encrypt only /home and /var/www? Will Apache/PHP be able to use files in /home or /var/www without asking for a password or mounting these partitions manually?
View 2 Replies View RelatedUbuntu Community, I have just switched to ubuntu 9.04, from openSuse.
Am programming with bluetooth. I get the following error. code...
I have been having off and on issues with my samba file shares. I am sharing a NTFS formated hard drive where the mount point is in my home directory, as well as a printer connected via USB. I am to the point where printing works (using it as an ipp print share, samba is configured for it, but I don't know if it works or not), and I can access the shared folder from Windows, but I can't access the shared folder from any Ubuntu machine. I get the error:
[Code]....
Centos 5.3 includes Ext4 and improved support for encrypted file systems but it appears to be aimed at laptop/desktop systems, in that a password must be entered at boot time.
Is it possible to have a server with an encrypted root file system boot up without entering a password?
Mandos will do it...
http://wiki.fukt.bsnet.se/wiki/Mandos
...by serving up the password from another server...
http://packages.debian.org/squeeze/mandos
...to a client loaded into the initial RAM disk environment...
http://packages.debian.org/squeeze/mandos-client
...but it's not available on CentOS, and is only in Debian unstable.
Is there a similar (or any) solution for CentOS?
In particular, I'm envisaging encrypted virtual machines being served passwords from their virtual host.
Alternatively, the data that *really* needs to be protected could be encrypted while the system core remains unencrypted. But then the keys to decrypt the file system must be stored in the unencrypted portion, so this is not an effective method.
I want to store my svn password in the gnome-keyring so it is encrypted and 'secure'. I made the necessary changes to ~/.subversion/config, but even after running a few svn commands, I do not see an entry for SVN in the keyring.
What else do I need to do to get SVN using gnome-keyring? I will also be using this with git-svn.
I forgot my email password which was stored in evolution. The gnome wiki says it's in ~/.gnome2_private/Evolution/ but I don't have this directory. does anyone know where the password is stored? I'm using 10.04
View 3 Replies View Relatedhow to retrieve lost password to file server storage) running Samba 3.0.14a-Debian? Access to file server from windows PCs via LAN , no direct access.Where the password stored there and how to retrieve?
View 9 Replies View Relatedretrieve the root password in linux. Need it as early as possible.
View 8 Replies View Related