Ubuntu Security :: How To Implement Forced Commands In SSH
Jan 5, 2011
I am trying to set up an automatic backup using rsync and a publickey SSH, which requires using an empty password on the private key. I would like to lock down the key on the server so that it can only run rsync, but my attempts to use a forced command (or any other option such as no-port-forwarding) do not appear to have any effect when I run ssh -v.
I am currently debugging using the following line in ~/.ssh/authorized_keys
Code:
But when I connect, it opens up an interactive command prompt and does not display the "goodbye world" that I expect.
I am running an OpenSSH server on Ubuntu 10.04
View 2 Replies
ADVERTISEMENT
Feb 28, 2011
I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,
But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):
Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Why do firefox try to write to it and why do it fail even with #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why try firefox to access X lock?
View 4 Replies
View Related
Nov 1, 2010
I study about file systems using on Linux and I try to implement file system format:ext2I'll implement virtual disk, And format as file system - that is implemented. So here is a problem. I want to know that How I mount this virtual drive that I implement ?I'm not asking detail codes, but I want to know about fundamental principle of "mount" disk. What is the fundamental principle of "mount" disk?
View 7 Replies
View Related
Feb 23, 2010
if it is possible to implement rbldns or any similar thing which could work over ssl?
View 3 Replies
View Related
Mar 9, 2011
is there a way to monitor use of rm, cp and mv commands? (other than in history)... i would prefer if it were logged in /var/log directory with time and command (with its arguments).
View 5 Replies
View Related
Jun 7, 2011
I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles
View 6 Replies
View Related
May 24, 2011
I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?
View 9 Replies
View Related
Mar 4, 2010
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that also the process must be silent (no password asked).
How can I do this without adding a user in sudoers and without giving rights to all users to execute the commands from that bash file?
I have tried SUID option witch would had been good as functionality but I understand that SUID doesn't work for script bash files.
View 14 Replies
View Related
Jun 3, 2011
Ok, so I have a few web apps that need to run shell commands. Heres a great example of one:
Code:
This is a PHP script getting my system volume. Herein lies the problem... www-data doesn't have permission to do this!
I changed my apache config to use MY account as the web user, and it does in fact work the way I want it to.
Obviously, I dont want to leave apache running as me, and want it to keep using www-data.... heres my question... how can I give permission for www-data to execute certain programs?
View 3 Replies
View Related
Aug 11, 2010
I want to get a of log all the commands executed by the root user with the following details :
incoming ip
username (thru which su was executed)
time and date
all the commands executed as mentioned above.
Also if user has managed to login as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server ?
View 5 Replies
View Related
Dec 15, 2010
I've firewall machine customers connect on it then connect to one of another 3 machines as root through ssh key , is there any way to know which user connect to which machine and what command that he has executed without using script command ?
View 1 Replies
View Related
Feb 5, 2010
I read somewhere that 'sync' and 'who' commands in linux should be disabled. While i can understand that for the 'who' command, why so for 'sync'?
I can find sync and who as one of shell commands, whereas also in /bin/sync and /usr/bin/who. Are the shell commands and those in bin directory meant to serve the same purpose?
Finally, how can i disable these commands?
View 4 Replies
View Related
Jan 10, 2011
trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells. I realise this is a default permit which inherently is defective, but I'm not convinced that going through the 1559 executable commands of my (as yet incomplete) built system to decided on the likely 1000+ commands I would want to be genuinely allowed. As I said this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands, rather they switch to bash.
View 7 Replies
View Related
Jan 24, 2010
I am running karmic koala with a recent install of snort 2.4.8.1(build 3 and i am at a loss for useful commands in solving an internal problem(within the network).All i have is `"sudo snort -v -i wlan0" on my very short list of useful commands regarding ids.It is doing little to no good in resolving my problem with a network snoop besides showing that it is running;i need some more weight (knowledge) in order to rectify the problem?
View 4 Replies
View Related
Mar 3, 2010
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that.
View 10 Replies
View Related
Oct 16, 2010
how to prevent the execution of the following commands or how to set a policy or rule that prevents the execution of the following malicious commands
dd if=/dev/zero of=/dev/sda
rm -rf /
View 3 Replies
View Related
Jun 10, 2009
Senario is we have a system where root has authorised keys set up so that it can do a passwordless ssh to $WORKSTATION. I then need to run a script on $WORKSTATION as user "bob" and NOT as user "root". I do not want to set up user "bob" to be allowed passwordless ssh so any ideas how I can do this?I have tried variations of (as user "root"):ssh $WORKSTATION "su - bob; ./my_script"
View 5 Replies
View Related
Jul 5, 2011
I am using Fedora 14, I need to change the directory of a folder(myweb) from "homeuserdesktop" to "varwwwhtml" . Please give the Fedora commands to do this.
View 2 Replies
View Related
Sep 1, 2010
Background you can skip: I have an old Dell laptop, an Inspiron 2650, which I use primarily as an internet terminal at home. I have switched back and forth between XP and different Ubuntu releases, and Lubuntu is what I am running with now. At some point I upgraded and the hardware support for my laptop broke. I have done multiple clean installs, and using any 10.04 Ubuntu distribution I have to disable ACPI in the Grub settings, or else my mouse and kb will not work. So...
Question: Since the OS shutdown feature can't turn off the laptop power with ACPI disabled, I often hit the laptop power button and skip the shutdown process entirely. Most of the time I am only running Chrome, so I am not worried about losing or corrupting local data. Is there any valid reason why this would be a problem? Does the shutdown process do anything important enough to justify the hassle?
View 7 Replies
View Related
Jan 12, 2010
I am running 9.04 Server (standalone). It had been running fine since I installed in last autumn. Upon reboot, fsck of the root filesystem was forced and it hangs at the same point (16.5%) every time. I was able to break out somehow with cntl-alt-del but the boot was to a read-only filesystem. So I couldn't disable the forced fsck. Instead, I tried to fsck there. It started, but hung. I couldn't do e2fsck -v as it needed the device and, although I worked on UNIX systems for decades, I am not familiar with the /dev/mapper stuff.
Looking at other threads, all involving the desktop GUI Ubuntu, I tried some of the suggestions. Went into the BIOS to see what I could disable. I killed the serial port and similar. (Some said that onboard modems interfered with the checks in /dev.) I also tried to boot from my original installation disk. That does work.The suggestion is to choose "Try without any change to your computer". The problem is that is not available on the server installation, apparently only the desktop (GUI). I had install, check CD for defects, test memory, boot from first hard disk, and something like repair or recover a broken disk. I started the last of them, as it seemed to be the only option. It failed because it couldn't get a dhcp address. I could manually configure it (as it is hard addressed anyway), but I didn't want to start screwing up configurations not knowing where it was going, whayt it would ry to do, and risk losing months of hard work.
Without help, I think I will be forced to install the OS on a second drive, use that install to fsck the original filesystem on the original disk, edit the fstab (or whichever has the config) on the original disk to disable fsck, and return to the original boot.I am building this server for a nonprofit and have put in many hours writing mysql/perl apache cgi code for them as a free service and hate to lose it all and set back everything.
View 2 Replies
View Related
Aug 27, 2010
10.04 64-bit
+
NVIDIA GeForce 8500GT 256MB
So I kind of had ubuntu working, but then I tried updating to the newer nvidia drivers and I broke it. I had to uninstall/purge nvidia so as to get ubuntu past the black screen/no signal to monitor...
I had been using a "Broadcom B43 wireless driver" which used fwcutter to extract firmware from various source files. I have never been able to get this install working with nvidia drivers and am about ready to try anything (including yet another reinstall).
**Nvidia drivers 96, 173, & current cause my system to freeze, lock up, reboot, fail to boot, etc. You name it and it's happened.**
I tried using synaptic, jockey and the terminal to install nvidia drivers. Then I tried adding the swat ppa and installing through System-Admin-Hardware Drivers to no avail.
Every time I start my PC it displays this window.
And when I open Hardware drivers this is what appears.
View 8 Replies
View Related
Sep 9, 2010
I have a Toshiba Laptop Satellite L355-S7905 Intel Celeron Processor 585 @ 2.16 Ghz, Mobile Intel GL40 Express Chipset. 4GB of Memory, 160 GB HD. Tri-boot: Windows 7, Unbutu 10.04 and Fedora 12.
Here is what happened: I had a hard/forced shutdown while using Ubuntu 10.04. Some warning text flashed on the screen before it went blank and I could not read it. Now when I turn on my laptop it freezes on the Toshiba set up screen. I can not go to the F2 setup, I can not go to the F12 boot seqence and I can not use F8 safe mode. Also the ESC button had no effect.
I have tried turning it on with the Win 7 cd in the drive but nothing. The same when I put my Ubuntu 10.04 cd in the drive, nothing. My guess is that the forced shutdown messed up the bootfile/grub order. The harddrive runs for a few seconds then stops. Should I attack the problem from a Windows view point or a Ubuntu view point?
View 8 Replies
View Related
Oct 16, 2010
Flash player with Ubuntu is really annoying. Streaming video is jerky and forget about going to fullscreen.I have tried many patches/fixes but no luck. I tried it on 10.10 and 10.4.I'm using a 945gm graphics card. 3 gb of ram.Its a real shame because I really enjoyed using Ubuntu, however i watch a lot of tv via the internet so cannot put up with the bad quality. Even ..... would play properly.
View 6 Replies
View Related
May 25, 2011
Following Problem:I am only using Linux at university, so I'm basically beginner. Today for some reason after logging in the the power of the computer went off.After restarting and logging in again I couldn't start my firefox (which was running before).Now I don't know whether it is because I'm still "logged in" with the old account (since logging in on several computers/terminals is no problem), or anything eitherrivial or a real problem...Is there any way to find out if I'm logged in on another terminal, and if how can I close this one (external log out possible)
View 2 Replies
View Related
Mar 23, 2011
Ubuntu uninstalled OOo and installed LibreOffice. What a piece of ----! The first thing which showed up: bold, underline, etc don't highlight when selected; next- Open As, Save As don't show USB stick. I've messed with Linux enough--went downtown and purchased Windows 7--had enough of amateurville patting itself on the back and forcing non-refined software on
View 13 Replies
View Related
Jun 9, 2010
I'm having trouble killing X server and keeping access to the console. I'm trying to install an Nvidia driver so that I can use OpenGL with Geant4. To install the driver, I need X server to be off.I Googled, and found a lot of things about runlevels that no longer apply in 10.04, since inittab has been removed, and that the runlevel now defaults to 2.
I tried CTRL + ALT + Backspace, but that just boots me to the GUI login prompt. In earlier versions of Ubuntu, I would set the default runlevel to 3, but since I'm already at 2, that seems to be as low as I need to go. I tried it in runlevel 1, but the installer warned me about the possibility of needing daemons that would otherwise be running. So in summary, I just need to be able to kill the X server and keep using the console on the current run level. If anyone knows how I can do that in 10.04,
View 5 Replies
View Related
Aug 14, 2010
Got kernel panic when upgradeing from 9.04 to 9.10... Have a tough time with this sparc server. On newer disto it doesnt regognize the cdrom in installation what will result in no install. I tried all trix I found on internet about this issue but none of them did it for me. So I went back in versions. When I come to 7.10 gutsy everything seems to work, so now everything is up and running.
But now I want it back on version 9.04. Last time (a year ago) I did the same thing, and just do-release-update to current version. Now that doesnt work. Maybe becourse I need some updates to gutsy, and the gutsy repositorys is not available anywere. how I can pass this upgrade to 8.04? I set the APT::Get::AllowUnauthenticated true; to pass this far...
View 9 Replies
View Related
Mar 22, 2009
My centos machine suddenly stuck, the hdd LED flashes constantly, and the system reacts to all my operations very slow. I even cannot log in to a native terminal (always timeout). I had no choice, I pressed the power button. Reboot once failed. The system failed to find mount points.
I inserted the installation disk into computer and entered rescue mode. But I found everything was there. And another reboot brought up the system. I wonder what was the process that stuck my system.
View 4 Replies
View Related
Mar 18, 2010
When I put my computer running Ubuntu 9.10 into suspend or hibernate the screen goes black with a little flashing underscore in the corner and when I try to bring the computer out of suspend or hibernate nothing happens and I am forced to manually reboot.
View 1 Replies
View Related
May 3, 2010
I have Ubuntu Lucid Lynx and suddenly my wired internet network doesnt work anymore after a forced restart.
View 9 Replies
View Related
