Ubuntu Installation :: Restricting Access To The Development Servers And Protecting The Data?
Nov 26, 2010
Every developer in our organization has access to a single development server and all development ( other than basic experimentation ) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developers machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers ( ssh login ) the user onto the development server.
I am using virtualBox and ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others is more in terms of the set-up: I am attempting to resize the virtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up the entire screen goes back to ( what I believe is 800x600 ) after the Ubuntu splash screen.
The virualBox seems to have completely messed up the keyboard detection how can I rectify this?
The other is regarding the restricting of shell access I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
We purchased a new database system at work last October, ditching the old system because of a lack of support from the vendor. This is a retail Point of Sale and Backoffice database system. I am not sure what system the new one runs on, but the system we replaced was a Firebird data base. The reason I am posting is because we are now in need of the information contained in the old database which was not completely imported into the new system.
Basically the problem is this: The database in on a Windows XP system and I found a copy of SQL Manager Lite 2008 on the system, which after quite a bit of studying, I figured out how to extract the database into a removable file. I have this file (178MB) on a USB stick in a file called Backoffice.fbd.
My studying suggests to me that I can get into this database with MySQL. I have never used this and have no clue how to do this. All I want to be able to do get into the database and create tab deliminated spreadsheet files for each of the database sections (Customers, Repairs, Sales History, stock files, etc.) Is it possible to do this with Ubuntu and MySQL and if so, can expert suggest one or two things to get me started. While a guided tutorial would be nice because I am not an expert, I am willing to learn on my own if someone could point me in the right direction.
I have a desktop (picard), and I want to be able to connect to it from my sisters laptop (zuma) to quickly scp files from my machine to hers. At the same time I don't want the whole world to be able to connect to my machine via SSH. We're connected through a router. I've tried adding the line
"ListenAddress 192.168.0.0"
to /etc/ssh/sshd_config, but this prevents me from being able to connect to my machine from another on the network. From my understanding of the ListenAddress directive, I would assume "ListenAddress 192.168.0.0" would allow my sister's address through (192.168.0.192).
In my office i want to setup a Linux machine for public usage , in this machine i want to restrict/deny access to certain applications (ex:- k3b, xterm , pdf reader etc) for certain users/group of users as per the office policies.
1)By what method/procedure i can achieve this objective ?
I have a small home network with a router to the outside world and an ubuntu server through which traffic passes first.My ISP limits my download usage during the day, which traditionally has not been an issue, but now the children come in from school, boot up the internet and up goes my usage!Ideally I would like to be able to restrict them to IM and maybe certain specified URLs (I think the latter probably needs to use Squid though?). Once the download limits are lifted, I would like my iptables to allow HTTP, etc, but pretty much block most other things.
I have two sets of iptables currently to approach this issue, with a cron job that runs to swap between one and the other.Chains run in order, so if rule A says allow x, and rule B says drop all, then X should still be allowed. However, try as I may, this is not what happens in practice. I have even tried changing the overall order from ALLOW to DROP in FORWARD and then approach from the other angle. That didn't work either. *IS* it actually possible to block all but http / https and IM? These are myrules:
Code:
# Generated by iptables-save v1.4.4 on Sat Jan 9 19:15:49 2010 *nat :PREROUTING ACCEPT [583:45175] :POSTROUTING ACCEPT [694:60887] :OUTPUT ACCEPT [143:18642]
I have an internet and mail server installed CentOS, and I want to restrict client machines to access a certain website, e.g. if i want restrict users from accessing the website: www.mydomain.com, How do I do it?
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if its still web accessible through a browser?
i installed tomecat6 in Linux server i deployed xyz.war file and jkmonunt in Apache this is for out side usage recently i deployed one more war abc.war i din't mount in apache this is internel application usage purpuse in my application i tried to call this abc.war (http://X.X.X.X:8080/abc/abc.war) but i am unable to access this folder i checked the iptable rules i gave access permission in 8080 port.
What app/util for Ubuntu Server 10.10 would allow me to browse and download data stored on the server via a website interface similar to Windows home server?
I'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former.I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is.I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
Is there a way to limit the speed that apache will send a page to a specific computer in my LAN? I would like to be able to test what my pages would be like if they loaded at 25KB/s for example. My Server is 192.168.0.2 and the other 'browser' computer is 192.168.0.4.
I'm in charge of setting up svn on a Fedora Core 9 server running cpanel for a company website. The company currently has 4 developers working on the site which isn't live yet. The server currently has one user and the site is located in ~/public_html
My question is what is the best way to set up subversion for all the developers? Should I create the svn directory in ~/ or should I create a new user and put it in their ~/public_html and create a virtual host to it so I can have www.dev.site.com point to the svn version of the site? And then create a group for all the users so everyone can access it?
Before the other day, I'd copied a live CD to ramdisk and run it from there before, but the disk was INX (INX is not X), a live CD based on Ubuntu that runs entirely in the text mode, no GUI. INX is a terrific product: colorful, educational, light, agile, fun to use, and and often damned useful, but when an OS only uses text, you may not notice how much running from the RAM speeds up an OS. Previously, I'd assumed that the best reason to run a Live CD from the RAM was to free up the CD ROM drive. When I started running a full KDE 3.5.10 Desktop from the RAM, it didn't take me long to notice the awesome boost in speed and performance.
The computer has the fastest access to the data that's in the RAM. (The "A" in "RAM" stands for "access", right?) So the machine is faster. As the RAM gets larger, I'm sure more and more live CDs are going to offer the RAMdisk option. Right now both INX and SLAX share the characteristic of being exceptionally small CDs, and that makes them well suited for this kind of application. The "minimal" version of Slax, the basic CD without any modules added, is less than 200 mbs, which fits very nicely on my 1024MB RAM. I now use the minimal SLAX cd to initiate the system, and I keep a collection of the modules on my hard drive to copy to the RAM and activate at will.
Here's a couple of screenshots: [URL] I'm using Wine here to run my one and only favorite Windows program, a text to speech program called READ PLEASE. Note that I am also running KTorrent, which is uploading from and downloading to my external MyBook hard drive. [URL]. Here's a shot of yakuake, which is sort of like Konsole with superpowers. I just upgraded my hard drive KDE system to 4.2.3, and they still haven't fixed Yakuake yet. I know it's been reported, so I'm sure it'll be taken care of.
I need to install Trac on a server that's on a private development VLAN (no internet access). Obviously Trac needs to go out over the internet to download/install various things. Does anyone know of an RPM or tarball out there that I can use to install Trac without being connected to the net?
how to setup a local mail server for internal testing on my php development work. For example if I sent an email using php script to [url]....I should be able to check the mailbox of 'someone' either in Outlook or SquirrelMail.I have done some reading about this. All I know is that I need Postfix with Courier. But I just don't know to get it working.
Where apart from ~/.kde4/share/apps/kmail does kmail keep account data, such as login data/names of pop/smtp servers? I wanted to install an entirely clean version of kmail, so I uninstalled/re-installed kmail via YAST. I manually deleted ~/.kde4/share/apps/kmail. After installing kmail I found that the account data of my Yahoo account were still listed in the kmail configuration panel. Shall I delete the Yahoo account within kmail prior to uninstalling the kmail package?
Last week I installed Ubuntu 10.10 on my system in dual booting. I had installed succesfully both but unable to see data files from windows OS. Though I have excercised the options in various resources available on internet/blogs. System takes about 03 hrs during installation process. I am also unable to configure Thunderbird.
System hardware info is as - System ManufacturerVIA Technologies, Inc. System ModelKM266APro-835 System TypeX86-based PC
I'm a bit of a noob with ubuntu, but have been using the dreaded windows for many years, programming. My tool of choice is Delphi, which no longer exists for linux.
There is this freeware (of course) application called lazaraus which I can install, but whenever i try even run the simple program i get
/usr/lib/lazarus/0.9.28.2/lcl/masks.pas(28,22) Fatal: Can't find unit contnrs used by Masks
what happened to setup.exe? and all needs doing to install, just click next, next, next ,next, wait a bit and there is delphi sitting in the start menu, and it works
I tried to build the latest lua package from source but the development libraries are missing. Where are they?
[url]
Quote:
Quote:
After downloading the files for your system you'll probably have two files named lua-5.1_XXXXX.tar.gz - contains the library and includes for developers lua-5.1_XXXXX_bin.tar.gz - contains the executables for end user
But the archive at [url] doesnt contain such files.
I'm trying to do a coursework at home which is a java web app. I've installed Tomcat and mySQL, both appear to be working fine. I have Netbeans installed already - from the Ubuntu Software Centre ages ago - when creating a new project it doesn't give an option for a web app project.... Is there some extra package(s) I have to install ?
I have installed Ubuntu 10.04 on my desktop. Installing eclipse for java development. before installing I want to install java and tomcat server so please guide me installing all the below software in series. 1) JAVA 2) Tomcat Server 3) Eclipse IDE
I have a LAMP box which runs on Ubuntu 8.10 on it. I am looking to password protect the web directory, so when a visitor accesses any site within they are prompted for a username/password. Is there a package available?
In the organization where I work, we are working on a project written using PHP. It is a small project. Is there any software which will allow us to protect the code somehow? I am not a developer here so I have got not much idea about it and most of the developers are .Net developers and it allows protecting code and developers need something like that.
I currently run 9.10 and have / and /home mounted on different partitions. From what I understand, I can do a fresh install of 10.04 on / while preserving my settings on /home. What about the development tools? I currently have Apache web server, Tomcat, MySQL, PostgreSQL installed. I presume I will have to reinstall them if I do a fresh install right? So if I want to preserve these dev tools as they are I should only do an upgrade from the update manager? Are there any major advantages to a clean install over an upgrade?
I would like to install a very light linux distribution. Light enough to be an host running virtualbox (or vmware player) and then a linux virtual machine of choice on it. Occasionally I could be in needs of running a windows distribution.
The reason why I would like to do this is that I am a developer. I found much convenient to prepare my development environment and run it from machine to machine. Rather than reinstalling a distribution and set it up each time I buy a new laptop.
Do you think it's possible ? The alternative could be to make a kind of linux image and install on a brand new PC, but I don't know how to do that and what are the downside of it.
I occasionally have friends using my home computer. They just use my account.There are some files that I want to hide/protect from people using my computer. It's not that I need highly secure encryption, it's more like I want to make sure people don't accidentally see my porn collection if they borrow my computer to check their email.Is there a way to set up a folder such that it's required to enter a password (e.g. the admin password) to see it's content? Probably I could change the owner of the folder, so that I can't access it without password?How do you protect/hide your secret or intimate files?
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
I need to make it so that someone who is using my computer, logged in with my user name, is prompted by a window in the GUI if they try to access a certain folder. Logging in with a different user name is not an option, so "chmod"ing, "chown"ing or encryption is out. I picture something similar to what happens when you try to access GParted, Synaptic Package Manager, etc. When you try to access those, a window pops up prompting you for the root password. The reason being is that my wife uses my computer, logged in as me. She doesn't ever log out and log in with the user name I set up for her because it's "inconvenient." She's also not computer savvy whatsoever. Also, my kids run around like maniacs and my 3 (almost 4) year old knows how to click on things and type without knowing what she's doing. This has resulted in some deleted/changed files such as spreadsheets with important financial data and or Cisco configs in them. I would like to leave my computer on without having to watch over it all the time. Ok, I know there are threads in various forums all over the place with people who have asked this question, but nobody ever seems to actually provide an adequate answer or solution to the original poster as far as I can tell. (I have been searching for two hours on Google with no results). I am running Debian Squeeze. I am not necessarily a "beginner" anymore, being that I can move around and do pretty much anything I used to be able to do when I used to run Windows (yuck), but this is definitely something that is a bit over my head.
There are a few requirements, however. -No creating new users or having to log in as another user -I do not want to simply "chmod -r", "chmod ###", or "chown" the directory -I also understand you can encrypt directories, but that's not what I need.
