In our small company, we have a policy on our current Windows computers to install and use TrueCrypt to encrypt the complete harddrives, together with Heidi Eraser to make scheduled overwrites of "not-used" data on a schedule to prevent the eventual reconstruction of deleted files.
We believe that this make quite a good foundation to prevent our data from getting in the wrong hands in the event of someone loosing a laptop on the way to the office or even a burglar stealing computers over night.
So to the question:
Since we have nearly switched all of our computers to Ubuntu during the last few weeks and we wonder what we could and should do to our Ubuntu computers to ensure a good, solid foundation to keep our data secure?
When the custom animations added to my presentation exceeds an amount and i run the preview, my computer freezes. I have never had such problem with microsoft's office. I have open office 3.2 on ubuntu 10.04. my system has 4GB of of ram, core i5 430m cpu with integrated intel graphics. is this phenomenon natural? is it duo to my system limitations or it's an open office bug? what could i do now?
I have a dell CPi laptop that I only want to use for connecting to my office computer via freenx. The laptop has a pcmcia wifi card, 4gb hard drive space, 128mb ram, and is a Pentium II 400mhz. Can you recommend a linux distro for me? I won't use any features other than freenx and wifi, so i'm sure this laptop is fast enough for that.
I'm having sporadic issues with the openoffice.org program. Sometimes, power point presentations will crash the program and then I can't open any open office programs without rebooting the computer. The problem seems to be just with powerpoint files and I'm not sure what the issue could be.
I've ran into something rather odd. I've installed wine and Office 2007. If I am to open a office 2003 (doc) or office 2007 (docx) file, it will open wine and office 2007 to edit the file. This is the desired behaviour. If I am to open an office 2003 (doc) file in firefox, openoffice will be opened. If I am to do the same with an office 2007 (docx) file, wine and office 2007 will open.where to start to get wine/office 2007 to open files from firefox?
I just found out about Libre Office. I am currently using Open Office on my Netbook (ubuntu 10.10), and NeoOffice on my Macbook (OS/X 10.6.7).
QUESTION: I have some backups using these formats: .sdw, and .odt. Can Libre Office read documents saved in these (StarOffice / Open Office) formats?
FWIW: I would have preferred to use OO on both machines, but unfortunately OO never fixed a problem with printing envelopes in the Macintosh version. Hence my use of NeoOffice.
I have both installed, but since LO is going to be the way Ubuntu goes for office applications, can I easily have my system setup for native LO? Native being if I double clock on a .doc file it will start up LO's Write program instead of OO.Will just removing OO achieve this or is there an easier way? I looked for file associations and didn't find it.
Sometime ago I realized my Open Office had changed, I don't remember having done anything in particular but today it isn't the regular open office but what I believe is a KDE version or idk. The theme changed and instead of regular menus I get "window" menus, in the sense that they get effects as regular windows. It's hard to explain it.
[URL]
I tried uninstalling it and installing open office and also in the soft center open office is more than once, but I tried the different versions and I still get the same problem.
I have an Ubuntu Lucid server that is public facing. I haven't really configured much on it except installing SSH (sshd) and Apache (httpd); I don't have a firewall or anything. Are there some common rules that I should follow to secure my system? I've been following this article on securing my Apache.
We have a public server and it can be accessed from any where through ssh.
My question is my server should not allow anyone directly to login as root user. First he should login as normal user then he should switch to root user.
I also have another questions is there any specific linux command is there to end other users ssh session without rebooting the server.
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to setup the necessary public/private keys to use in FileZilla.
In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)?
Is there an automated way to set this up via Webmin?
I'm running an SFPT server which my clients logon to using an FTP client. at the moment each client has a user name and password.
Thus far to improve security I've disabled root login but an looking for futrhrt ways to protect it from attack, having researched using google some of the security features suggested prevent the FPT clients from connecting.
Questions: 1- what further things can i do to secure my server that still allows it to be usable for FTP clients? 2- specifically is it possible to use non login pre-share key authentication?
That's the title of article at[URL]Did ubuntu do all this already or is it that ubuntu isn't secure out of the box that it is assumed to be?explain if these steps are applicable to ubuntu and why/why not.
Recently I have installed Debian Squeeze amd64 on my home desktop. I have used the standard installation method using DVD. I use my desktop primarily for web surfing, playing games and web application development. I do run apache2 and mysql servers on my system as need arise. I have been told that apache2 server execution without mandatory access controls such as apparmor or selinux makes the system vulnerable.
I could not find apparmor in synaptics, so I choose selinux for this task. To start with I installed identical environment in virtual box and tried installing selinux as given in url [url]. After the last step i.e. after running command selinux-config-enforcing and reboot I get login screen, I choose username and enter password. Thats it. The screen becomes blank and no further progress. I am not sure where did I went wrong. I am also curious whether selinux is really required in such cases or there is any better way to handle such situations. I also thought of running apache2 service from virtualbox. But I did not find it suitable for my requirement though.
I am having trouble trying to setup an FTP server, so i made a video lesson to show how it is done PROPERLY. I actually had this before, but it was poor quality, and i went through it a little fast; so this time it is better quality and i explain more details. You can find it here:
I'm still new to PHP and SQL, but all the tutorials I've found connect to the database like this:
PHP Code:
Right now I'm just doing local network tests before exposing everything to the Internet.
Wouldn't leaving the password in there as plain text be a huge security issue? I tried downloading the php file off the server, and it just comes down blank. So does PHP already have a security feature that doesn't allow anyone to just nab PHP files off the server?
And for Postgre, I have pg_hba.conf set up to "trust" it's own IP address:
Code:
Would I need to use something like Kerberos, PAM, or ident authentication? Right now the only plan is to use it as login system for a website. The clients themselves won't be accessing the DB itself, because all the DB access will be through PHP.
I am creating an FTP server using VSFTP. It will be in the wild, initially at least only functioning as an FTP server. I have the iptables config from the previous box I set up 3-4 years ago. I have also got private/public key authentication running with SSH to eliminate brute force attacks.
Here is where is my specific question. On the old server I set up something that allowed my clients to log in using accounts that were not system accounts but would translate to a single system account that was limited to FTP. I remember setting up a passwd account that had username / password pairs that FTP used for authentication.
What app is this? Is it just part of VSFTP or maybe SELInux? I really want to utilize this.
I am trying to secure my LAN a little by doing static arp entries. But I am not sure how to go about doing this... I have a gateway, and I have a seperate box that runs dhcpd. I would like to assign every machine an ip and only allow it to use that ip, therefore static dhcp entries, and static arp entries on the gateway.
1. But how do I prevent someone from picking an ip that nobody is using and assigning it manually?
2. I assigned a static arp entry by doing arp -i br0 -s 2.2.2.35 00:1F:E1:CC:2E:46, how do I remove it now? I used arp -d but now it just says:
? (2.2.2.84) at <incomplete> on br0
3. I would also like each machine to have a hostname/dns.. like machinex.local, where I can do forward and reverse dns lookups, how do I config this?
4. I know static arp can be fooled if someone just clones an allow mac.. is there anything else that I could use that is more secure for wired lan?
5. I have my gateway running rflow sending all data to ntop running on my dhcp box.. Ntop is kinda cryptic, is there anything easier to use? or something that is better in features? I would like to see how much bandwidth each local ip is using and possibly what protocols, like ntop already shows.
I run Slackware 13.0 and I have an apache server 2.2.13 with a postgresql 8.4.1 database attached to it via php 5.3.0. Both the apache server and the postgresql database are on the same machine.
I have the apache server port 80 exposed to the WAN. It is not a fqdm, it's just a simple IP address. On my index page, a user can login with a user/password that encrypts to md5 via postgresql and takes them into the database.
Here is the vulnerability. Can't a hacker just scan port 80 and find my ip address running apache. Go to my index page, see that I accept user/password for authentication into my postgresql database. Then they could setup a script to simply inject html GET requests of random users and passwords and use those values on the php page(the one where the action link is pointing to in the form tag) that contains user login/password in php to login to my postgresql database. There's nothing stopping that. It would be a simple dictionary attack.
I checked out postgresql documentation and it suggested using ldap, kerberos, or md5 and not trust. I'm using md5 already. I currently use fail2ban for proftpd and sshd and it works great. After 6 failed user/pass attempts on either of these services, the IP gets banned via iptables for 24 hours. I love it. I was wondering if I could use that. Of course postgresql port is not exposed to the WAN which is a good thing. I know that when I put in a wrong user/pass from my index page, I get sent to a default postgresql pg_connect warning page. Perhaps I can increase the verbosity of postgresql's logger, find the phrase that it spits out when there's been a bad login and create a filter using that.
I understand that the way it is currently setup, my server is pretty secure, but where there's a will there's a way. I just feel that my postgresql database is unprotected even tho the postgresql port is not exposed to the WAN. They could just bruteforce from the apache server.
I am using a linux fedora 12.0 with L7 filter and proxy as the main firewall for my system composed of some several hundred pcs. The port 80 is open for certain mac addresses these computers, that is to say that , only a few of these computers have access to internet and others have been denied. However, they have access to two specific websites on internet .
I would like to know that if there is a virus attack through these websites in form of executable adwares or malwares, can this linux firewall detect any information that might be directed out of those computers to the attacking source? In other words, is there s tuning in L7 filter or any other filter that can detect transfer of files or some bites through port 80 unrelated to normal http requests?
I was looking for some help getting a good list of IP tables and other security measures on my new Linux Centos VPS.. I have some files I wan't no one other than myself to have access to.. I will be running some gameservers on it on ports 7777 and 7778 though and I want to have VSFTPD running for fast file transfers.
There are multiple servers to be backed up. Different access rights exist in each server. There are two backup servers with plenty of disk space, one local, and one offsite. The local one feeds to the offsite one. The rsync command is being used to make a replica of backed up data. Deleted data is also being archived. There are two methods that have been considered: One is to have the individual servers run rsync which logs in to the backup server to push data. Two is to have the backup server run rsync which logs in to each individual server to pull data. Because system data is involved and meta information (like owning user) must be stored, root is required to access the data as well as to store it. That means everything runs as root both ends. So method one was quickly dismissed because each server would effectively have rights to access ALL the data on the backup server since it logs into the backup server as root. The security containment here involves different groups using different servers, and they need to be isolated from each other.
But even method two involves some risks that are a concern. This means one machine has access rights to every server. If the backup server were compromised, every machine could be compromised.What I'd like to find is some way to allow backups to be run without either machine granting root access to the other, while still running as root, or something equivalent, that allows accessing all data and storing all metadata. So I was looking at setting up an rsync daemon on each individual server (running as root so it can access what it is specified to access), and running an rsync client on the backup server (as root so it can store metadata). This opens network access issues. Any user on the network can connect to the rsync daemon. So password protection is needed. But this communication is also not encrypted, which exposes the password and the data should the network be sniffed.
So now I'm thinking about a non-root ssh login between machines. The backup server would login to a non-privileged user on each individual server and set up a secure forwarding channel to the rsync daemon. Is this the best that can be done? Is there a way to run rsync via SSL with key verification so it can all be done together? I'd like to have the rsync daemons configured to always talk SSL, and always verify the client's key against a list of authorized keys, and likewise the client verify the server's key against the known public key for that server.
I have a blog on my site and am using htaccess rewrite rules to block all those nasty scripts from trying to execute various things mostly relating to phpmyadmin and wordpress. This has reduced my httpd error logs to less than half from before.
Am trying to come up with a rule to rewrite all calls to certain files if they are not originating from my domain, here is how it looks right now but it's not working as I can see scripts trying to hit "wp-comments-post.php" getting a 500 Internal Server Error.
I had some help via email from someone drafting my CV into the correct table format with open office. It's a .pdf file but now unfortunately lists the author in the document tab of properties as that person.
Is there anyway to change it to my own name, and also how do I 'secure' the document so that it's not easy for people viewing it to copy and paste, I've heard this is why many people now use .pdf for their CVs/rsums?
Recently I've been going over a few resources (like Guide to the Secure Configuration of Red Hat Enterprise Linux 5) some forum members have provided and I've been using other resources I use for work (like the UNIX STIG requirements). I would like to improve my skill-set on hardening a linux server (for work and personal interest). Is there a specific linux distro I can install that is purposely corrupted/vulnerable where the sole goal is to secure it, and then have the means to scan it to make sure all vulnerabilities are patched and secured?
I'm currently using Slackware 13.0 and have my machine behind a Linksys DD-WRT router. I believe the DD-WRT software has all ports blocked by default so opening up my machine for SSH login would only leave my system vulnerable at that port. To give an extra layer of security for that opened port, I've created the following script that would be invoked as the users' shell.
#!/bin/sh #if SSH_CLIENT defined run nail with $SSH_CLIENT as an argument if [[ -n ${SSH_CLIENT} ]]; then
