If someone has physical access to a machine, they can boot up with a live cd and chroot in to the filesystem as root. 1) Is there any way of a bash script script knowing if the computer was booted regularly or if it was chrooted into? 2) Is there a way to have a script run automatically when the user chroots in?
View 1 RepliesI had to copy the lib64 libs since I am working on a Cent OS 5.5 Xen VM. And used username enemy-territory instead of et adjusting the relevant init script lines accordingly. I am able to run "chroot /usr/local/enemy-territory" and get to shell, I am root when I run that, of course.
starting /enemy-territory/etded I get: [I have no name!@cobra /]#/enemy-territory/etded
bash: /enemy-territory/etded: /bin/sh: bad interpreter: Permission denied
starting /enemy-territory/etded.x86 I get:
[I have no name!@cobra /]#/enemy-territory/etded.x86
ET 2.55 linux-i386 May 27 2003
----- FS_Startup -----
Sys_Error: Unable to create directory "/root/.etwolf", error is No such file or directory(2)
I have set all files to be owned by root but are part of group enemy-territory. I can see the files in chroot.
Running the start script yields:
[root@cobra local]#/etc/rc.d/init.d/rc.etded start
[root@cobra local]#Could not find a PID for /usr/local/enemy-territory/enemy-territory/etded.x86!
[code]....
As any normal user I can run the program fine without problems. I am wanting the chroot setup, so I can limit collateral damage if we get hacked, and to allow me to have a non chroot location to store backup copies of the working directory.
i'm on 9, x86_64, and have successfully created chrooted SFTp users following this [URL] tutorial. however, i need to get into the sftp account programmatically to move and delete the deposited files. so i enabled ACL and set setfacl -R -m u:$USER:rwx,d:u:$USER:rwx /home/$SFTPUSER
this works well EXCEPT that now the sftp user cannot log in. the latter, of course, is the problem at hand! it's driving me crazy. as soon as i remove the acl and revert back to the plain old chmod/chown scheme, the sftp user can log in ... but i can't delete files in the sftp account. i tried to set facl to the sftp group ('jailed') but to no avail.
I am being tired of this old 3.6 firefox, want to upgrade to firefox 5. It is of course available at mozilla.org for my 64 bits suse, but i would like to know if a pre packaged .rpm exists somewhere ?
View 5 Replies View RelatedI wondering how to know the unpartitioned space on the HDD on Red Hat 5, for example if I have hda with size 30GB and I already had partation hda1 10GB that's mean that i have 20GB free unpartitioned space, Is there is any command that can shows me the free unpartitioned space on a specific hdd ?
View 6 Replies View RelatedI am trying to find out, if an application is chrooted jail or not. I have tried to do as suggested here, but something is wrong I believe. [URL]
pidof apache2
24714 24404 24366 24365 24364 24363 24362 4923
ls -ld /proc/24714/root
lrwxrwxrwx 1 root root 0 May 31 19:05 /proc/24714/root -> /
So far so good. Now we try with postfix, ups, nothing to show ? pidof postfix Lets try with the postfix master process instead. pidof master 2623
ls -ld /proc/2623/root
lrwxrwxrwx 1 root root 0 May 31 19:07 /proc/2623/root -> /
It shows it as not being chrooted jail, which I do not understand, since I KNOW that postfix runs chrooted jail.
Is it possible to load a new kernel while in a chrooted environment. Say I have one linux distro and want to chroot into another and load its kernel
View 1 Replies View RelatedI am unable to send emails throught smtp class with auth server. Whenever i send the email even throught mybb smtp class in forum i see blank page and apache logs shows: Code: [Thu Jul 29 16:41:49 2010] [notice] child pid 23716 exit signal Segmentation fault (11) any idea what i have to add for proper work of this?
View 1 Replies View RelatedHow to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies View RelatedI just wanted to know if there is any possibility to decrypt a encrypted file with AES crypto without knowing the password.
View 1 Replies View Relatedbrother locks qbittorrent and i find it difficult to run ..... in his absence as he doesn't give his password. So how should i unlock the code
View 3 Replies View RelatedI have a .png file and I didn't know which program I had to type to use it what could I do to find out?
View 8 Replies View Relatedbrother locks qbittorrent and i find it difficult to run ..... in his absence as he doesn't give his password. So how should i unlock the code
View 2 Replies View RelatedFrustrated with ubuntu v11, i re-installed v10. At first my old authetication password worked. Then it stopped working and i can't make any changes because i don't know what word the blasted system wants. Am i locked out forever? Should i re-re-install v10 and everything else? or how i can change my authentication password without knowing what the computer wants?
View 9 Replies View Relatedwhen in-core copy of inode is updated & after how much time it is updating? is there way to know all opened files on system by different processes?
View 1 Replies View Relatedwhen one downloads non-rpm packages they are placed in a download window(by file roller).Could someone explain where exactly this download window is located in the directory tree? or is it? how does one install these packages from the terminal as root without knowing where their located?
View 1 Replies View RelatedI have a droid phone, and I have ubuntu 9 running on it. This is done by chrooting since the phone runs a linux kernel. And it works... I have a question though. tightvncserver does work, and its able to listen on 127.0.0.1.. Its how you view your X session. So you chroot to Ubuntu, then start vncserver. Then switch back to android and login to ubuntu via vnc client. but apache, mysql, and postgresql do not work. Well. They dont seem too.. except for mysql. Mysql will start but only if you tell it not to use networking by saying skip-networking in my.cnf
Mysql says: mysqld cant create ip socket permission denied Apache2 says it can find 127.0.0.1 but doesnt actually run same with postgresql... All seem to be compiled with arm architecture. So why does tightvncwork? Why is it so special? How can it listen on the loop back (127.0.0.1) when nothing else can...
I have /proc and /dev bind to the chroot side. I can run ifconfig okay, and I can run /etc/init.d/networking start okay.. But apache2, mysql, etc have problems binding. I have removed apparmor even though technically its not running, but I removed it and its configuration files, just because I thought perhaps mysql looks at apparmor, but I doubted it.
I have a question that i want to make a normal user to execute the commands which the root user is able to execute, say if i have a user named siru and when i logged in using siru i cannot run commands like tracert,nmap@loccalhost and all but i can run when i have logged into root account so my question is how to make siru to run the command tracert,nmap@localhost.I have even edited the .bash_profile of siru's home directory from
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
[code]...
Apache is run as www as is all the files/folders. People are uploading via FTP, scp, so the problem is if I chmod so everyone can read, then rsync as a user it works until new files are added which then my ; if rsync fails with a permission denied. Now I can add a chmod in the script so everyone can read, but since www can already read, I figured I would just change my script to use www. I added the ssh key to his authorized_keys file, but when I try to just ssh in I see this in the secure file;
server sshd[29539]: User www not allowed because account is locked
sshd[29539]: Failed none for invalid user www from ip port 54983 ssh2
Now I read a few places already saying I need to add a password to the account, etc. but before I jump and try all I read, 1st major one, will this now break apache? Will this affect any startup things, etc. and .... will that unlock that user for ssh in or is there another preferred method?
I installed SSH-keygen dependancies for a /chroot user.
I can now execute ssh-keygen from the /chroot user BUT I receive a message PRNG is not seeded.
When I do it from any of the users that are not /chroot users, it works fine.
I'm looking for a way to limit:
-memory usage (mb/user)
-cpu usage
-processes (amount and no same process multiply)
-connections (amount of connections (to specific host))
-bandwidth (kbps/user and even owerall for regular users)
-disk usage
-available commands
For every other users than me/root.
I'm trying to set up a Fedora 11 server so that users have only SFTP access. The relevant lines from my "/etc/ssh/sshd_config" are:
[Code]....
I can log in okay, I can type "cd /" and "cd upload", but when I try an "ls" command, I get: Couldn't get handle: Permission deniedand when I try to get the file "junk" (listed above), I get: Couldn't stat remote file: Permission deniedAnyone know what I'm doing wrong?
get the steps for LDAP user to NIS user migration?
View 1 Replies View RelatedI want to know information about my Hardware ( like DXDIAG in Windows )
View 2 Replies View RelatedI have set up a debian 5 server with ISPConfig and PostFix using Perfect Server toturial [url].
Now i have huge problem i'm getting eather "No such user here" message from SMTP server hosted at hosting provider or Unknow User: name from my ISP's SMTP server (free mails they provide)...
Mail LOG:
Code:
I'm having a problem whereby I'm able to send mail to a mailbox from several different email addresses and SMTP servers (gmail, RoadRunner broadband), but I'm unable to send mail to the same address from one particular account, the SMTP server for which runs on a mediaTemple (dv) 3.0 box with CentOS 5 Final.I've spent a full workday on the forums, trying to troubleshoot the issue, and I'm running out of ideas.The server on which I'm having the mail processing problem is a mediaTemple (ve) running Ubuntu 10.04 x64 (Linux 2.6.18-028stab070.7 #1 SMP Fri Oct 1 13:53:00 MSD 2010 x86_64 GNU/Linux), with ISPConfig 3. Here's how I setup the mail-related aspects of the Ubuntu box:
Code:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d
[code]....
We're running a sendmail server on a fedora core 9 which we've configured recently. The problem is, the server is working fine but there are some e-mails that enter our server but doesn't get forwarded to the user.
Quote:
Quote:
Here it says "stat=Sent" but nothing from the above mail address has been received on the client's inbox. We've experienced this with Microsoft Outlook, Outlook Express and Thunderbird alike so far with Two(2) of our user accounts.
I'm using a linux server where nat server is running. Local user are connected from this server. So is there in tool that i can check that local user getting internet? or how can i check that a user connected from linux server using internet or where he visited?
View 1 Replies View RelatedI've been tried to be system admin, programmer, network admin, or network engineer. So, I've been studying this and that... what so ever struggling to find my talent. Back in 2007-2008, I was MS server admin/comm tech. I saw a building running MS server for user computers and Red Hat 9 as a main system server. MS sever was a just one of the user accounts of Linux server. When I log in to Linux, I could see log menu to access MS server. How could somebody make this creative thing?I'm now a Network engineer because working with CISCO router and switch is easier than working as programmer or server admin. I've studied Oracle 10 and VMWARE also but there are ceasless stuffs that I need to study... For now, in regards of my limited brain power, network engineer is proper for me.
View 1 Replies View RelatedI need to add a aditional user account for monitoring web over nagios.
View 2 Replies View Related