I currently have a user on my Ubuntu server that I want to block completely from login. I know right now they login with SSH keys so they don't need to enter their SSH password. Can anyone tell me how to remove the SSH key login for their username and root user which I believe they use too and block SSH access alltogether.I will then just change the root SSH password.I'm terrified they will do some harm so I need them blocked out ASAP.
Does anybody know if there is a quick and easy way to simply disable samba security to avoid "Access Denied" errors when trying to access shares via Windows XP?
I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.
I've made an SSH server using OpenSSH on my desktop Ubuntu (10.4) for tunneling. However, I'm noticing that the public account I made for my SSH (one to give to friends to use proxy) has SFTP access to crucial system files. I'm okay with SFTP being enabled on my account, but not on this public account. Does anyone know of anyway to either disable SFTP to that user, or restrict access to important files?
Set up a few machines yesterday to test out some parallel code. Just for fun, I selected the "encrypt users files" option when setting up Ubuntu (10.10). I had never used the option in years past. Now I'm finding it a pain. EG., ssh requires me to already have a login to the machine before it will let me log in w/o a password (eg., using id_rsa.pub and authorized_keys).
Similarly, I have no reason to encrypt files on these machines. They're just crunching numbers. Is there an easy way to disable this? Or do I need to delete my original user and make another one (with all the su privelages, etc...) w/o an encrypted file system / home directory.
Is there a way to modify the ssh_config and sshd_config files so that a user can scp but will not be allowed to ssh. I have done a search and found a tool name scponly but I really do not want to install anything. Most of the books I have only discuss how to use ssh.
I've enabled the root account on Ubuntu 9.10, however I want to stop it from being used to login via GDM. 9.10 seems to have a different GDM version, how can I carry this out under 9.10
I have tried everything to disable automatic login from the login screen (gdm). I've changed my password, I've changed the settings in System -> Admin ->Login Screen, and I've edited /etc/gdm/custom.conf (gdm.conf doesn't exist, but I created it just in case!).No auto login is set up, but I can't get it to ask for my password. This is affecting my ability to switch sessions, as I can't switch sessions without clicking on my name in gdm, and because it's set to auto login,
How do I disable showing Usernames? I want to be prompted for BOTH un and pw. If it is necessary I could just change it so that it boots into a fullscreen terminal so that you would have to input "startx" and then username and password. Or I could just change it through gui or 3rd party software.
having a slow internet connection, I bought the all maverick repository on DVDs, copied the files on a usb drive and modified the apt sources file to consider the local repository only:
Code:
# deb file:/var/www/ubuntu_local/ ./ deb file:/var/www/maverick/dvd1/ maverick main universe restricted multiverse deb file:/var/www/maverick/dvd2/ maverick main universe restricted multiverse deb file:/var/www/maverick/dvd3/ maverick main universe restricted multiverse
[code]....
Even though I am reasonably sure it is safe, this local repository is not authenticated and I can only install package through the command line or synaptic, the Ubuntu Software Centre giving an error message "Requires installation of untrusted packages"...I thus would like to disable the apt authentication check for this local repository.
I wish to prevent a user account with sudo rights from mounting attached storage, i managed todo this with ubuntu Version 8 using gnome-polkit i think it was, however i'm not able todo this in 11.04 now , has anyone got a direction i can look in, i googled alot but my searches all come up with auto mounting or how to mount drives
I opened a specific port in my router and manually configured Limewire to use the same port for all traffic, but I notice when I disable and turn off Firestarter when on limewire, my searches go really fast and dowaloads zoom really fast also I am not running as root. Is this ok to temporarly stop the firewall when I am on Limewire and then turn it back on when finished?
How do I prevent/disable a file from being copied?
I would want someone to be able to see the content of a directory, then open the relevant document, but just for viewing purpose. They cannot copy the file, either through copy + paste or File/Save As.
is there any possible way to hide currently running processes from an user? This means I do not want him to know about what programs/processes does any other user but him run. In short words if that user runs 'ps -aux' he should get only his processes.
I have a Lucid Ubuntu installed on my home PC with two user accounts, AmHero and simple. I would like to have all internet access disabled when my kids login with the 'simple' userid. And yes, internet should work when I login using AmHero. I tried this:
[URL]
..but this does not work and gives some errors on the terminal.
I can paste the errors, though I am not sure this will even work as I found this in an old post.
I use Ubuntu on my netbook, which I uses for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
I'm concerning about my web server, I use nikto to see where should I improve my configurations, then I just know my web server is enable directory indexing. I have searched and found that I should just put
Code:
Options -Indexes to disable directory indexing. I have already restart apache but directory indexing still enable here is my httpd.conf Where did I wrong ?
Code:
ServerTokens OS ServerRoot "/etc/httpd" PidFile run/httpd.pid
I am using Fedora. I want to disable Linux iptables permanently. Normally when I reboot my pc the iptable service is on. how can I disable even I turn reboot the pc.
I read somewhere that 'sync' and 'who' commands in linux should be disabled. While i can understand that for the 'who' command, why so for 'sync'?
I can find sync and who as one of shell commands, whereas also in /bin/sync and /usr/bin/who. Are the shell commands and those in bin directory meant to serve the same purpose?
I want to refuse access for some users to usb pen and audio. In previous releases (debian, ubuntu , debian-based ..) , it is enough to remove the user from the group.
that is in /etc/group audio:x:29:bela plugdev:x:46:bela,geol
with theses lines : bela can heard sound, but not geol, for bela and geol the usb pen is automatically mounted. But not for nobody else. It is NOT the case in the new release, I mean, even if I remove a user from the plugdev group, the usb pen is automatically mounted for that user.
Once again, nobody seems to understand security properly when they decide to add nifty new features. After upgrading to 10.04 from 9.10, I now have a listing of all the user accounts under "Switch from" when I go the the logout menu at the upper right side of the task bar. This is a terrible security hole that should never have been allowed in the first place, and is just as annoying as the default behavior of listing all the user accounts on the login screen.
The ubuntu installation came with my ubuntu (it does not matter which version etc.) Contains sshd_config file with this interesting lines: # Change to no to disable tunneled clear text passwords #PasswordAuthentication yes
The same lines are seen in many Ubuntu-related internet pages. This is quite surprising to see. This seem to contradict to the fact that ssh was created specially to provide authentication (with passwords, of couse) but without sending them by internet as clear text like previous programs did. But I could not find any clear confirmations of that neither in Kubuntu-related documents no anywhere else. I put below fragment of a document from RedHat. This seem to imply that if one will use two "yes", the passwords will be passed in encripted form (and this is what is recommended by RedHat). Is that true? Is this true for Ubuntu too? Is the quoted line from sshd_config wrong? Or incomplete?
[URL] RSAAuthentication yes The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA use public and private key pairs created with the ssh-keygen1utility for authentication purposes. PasswordAuthentication yes The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
Is there anyway I can disable an account from being logged in via Putty, but permits someone else to "su" into the account? For example, an application is being run as "app_account". Because there will be multiple people administering this application and the password is shared for this "app_account", I want to disable 1st level login for it. I want to make it such that only the permitted people can "su - app_account", once they have logged into their personal account. How can I do this? If I set app_account's shell to /sbin/nologin, the users are also not allowed to do "su - app_account".
