Ubuntu Security :: How To Isolate One Machine On LAN

Sep 10, 2010

I'm not really a network security guy or anything. I'm setting up an FTP server on my LAN. I know how to install the software and how to set up my router but still have a couple of questions for an expert...

1. Which version of Ubuntu should I install? Server?
2. How can I isolate this machine from the others on the lan?


Security :: Isolate File Access For Program?

Mar 12, 2011

it is possible to change the root directory for a single, particular program. For example, I have an executable, 'miscreant.bin', that has all of its required libraries in a directory named "libraries", in the same directory as the said executable. I can launch the program and make it use the libraries included with the executable rather than the system with:

Code:

/lib/ld-linux.so.2 --library-path ~/miscreant/libraries ~/miscreant/miscreant.bin
...or...

Code:

env LD_LIBRARY_PATH=~/miscreant/libraries ~/miscreant/miscreant.bin

With either, miscreant can be portable. But, I would also like to change the root directory (like chroot) of miscreant, so that the directory "~/miscreant/sandbox" becomes the root ("/"). So, if miscreant created a file named "/home/bryan/miscreant", it will be redirected to "~/miscreant/sandbox/home/bryan/miscreant". I am running Crunchbang 10 (Statler) on a 32-bit Atom netbook.


Security :: Centrally Control Several Ubuntu Machines / Each Machine Should Get Permit From Central Machine Before Installing Any Software?

Jul 31, 2010

I have several (say, 50) machines running Ubuntu. I want them to be centrally controlled. That is, each machine should get a permit from the central machine before installing any software, etc. I googled quite a lot but could not find the solution...


Networking :: Isolate VPN Traffic From LAN?

Jul 11, 2010

I have a Comcast business network adapter that has a 4-port switch. It also handles NAT 1-to-1 translation for static IPs (that's just how they do it, there is no other choice).

In port 1, I have a cat6 that brings traffic to and from my Linux machines, allows me to VPN, SSH, a mail server, etc. Everything here is fine.

In port 2, I have a Netgear router that is set up with a point-to-point VPN for a client.

Here are the issues:

1. Machines that are connected to the netgear vpn router/switch can access machines on my network - I don't want this.

2. I can't access the machines connected to his lan from my lan - I need this to administer his machines somehow. Even if I have to VPN to the concentrator and do it like that.


Here is the network structure.

Code:
Internet <-> 10.10.10.1 -> switch with 10.10.10.x machines
|
-> internal vpn IP 10.10.10.50
|

[Code]....

The external network for the VPN is 10.10.10.x and the internal is 10.10.20.x. So, a machine with IP 10.10.20.100 can get to 10.10.10.X and I don't want that. I'm guessing it's doing this because technically, I'm 'from the internet' on 10.10.10.x and the VPN machines are going 'out to the internet'. Is there a way to have this:

vpn -> gateway traffic only?

I have a cisco 1811w at my disposal if I need to use it; however, I'm all thumbs when it comes to cisco IOS and networking in general.


Debian :: How To Isolate Packages From Experimental

Apr 16, 2011

all the packages which I have installed which are in experimental but which can be downgraded or can be had from unstable. Is there such a way?


Programming :: Isolate Users From A Group?

Dec 5, 2010

How to isolate users from a group, i.e. accounting, and force them to change their password upon login


General :: Isolate A Number From A Text File Using Sed?

Mar 27, 2010

I'm trying to isolate a number from a text file using sed. The text file looks like this:

-GARBAGE-GARBAGE-GARBAGE- Number of frames: 183933 frames Codec -GARBAGE-GARBAGE-GARBAGE-

I tried the following:

Code:
sed "s/^.*Number of frames: //g; s/ frames Codec.*$//g" "info.txt" > "frames.txt"
Strangely, it only seems to be stripping off the end, but not the beginning, like so:
-GARBAGE-GARBAGE-GARBAGE- Number of frames: 183933

I'm obviously not using the command correctly, so what am I doing wrong?


General :: Use Awk To Isolate A Specific Directory Level

Jul 15, 2011

I have used Awk in the past to isolate the file name from a given path... that is to say, I may have a list of files contained in list.txt. Can someone please post the Awk command that would do this? (I assume it will be very similar in form to the Awk command I showed above.) The point is, sometimes I may want to isolate the second directory, sometimes I may want to isolate the third directory or tenth or whatever - so I am hoping that if someone posts the Awk command to isolate the second level directory (to produce the output I showed in Fig.3) it should be fairly obvious by looking at the form of this command how to alter it and so isolate any other directory I want.


General :: Wine - How To Isolate Home Files

Oct 24, 2010

How to isolate my home files from wine 'c' drive, i.e., why does the 'up' GUI connect the two?


Networking :: Isolate Untrusted Computers While Retain Access From Specific PCs

Sep 24, 2010

At school, the shop I work in has machines that run Windows XP and cannot be updated to the latest SP (consider these machines "B"). This means that they are quarantined whenever connected to the network. There are also workstations that we would like to be able to connect to "B" for the sole purpose of dropping a file into a directory. These machines we will call "A" and are considered trusted.

I have no control of the school's network. I have a spare PC with two NICs as well as a 5-port switch. My thought was to use the spare PC as a gateway/router/VPN and set up an isolated "network B" consisting of all the untrusted systems. Disallow all traffic other than the VPN connection. Connect via VPN from the 4ish trusted workstations "A" to Network B. I could use MAC filtering (I think) to accomplish this and disallow any computer not specifically authorized, thereby isolating the untrusted computers completely.


Server :: Implement Operating System Level Virtualization To Isolate An Application On RHEL 5.5

Oct 20, 2010

I need to implement operating system level virtualization to isolate an application on RHEL 5.5. Which one of the following tools should I use for the implementation: Linux-VServer, lxc, OpenVZ or something else?


Ubuntu Security :: H4x0rz All Up In Machine?

Feb 25, 2010

I have this little nettop box, an Acer Revo, that I use for Boxee/Hulu Desktop with my TV. It's been a fairly enjoyable setup for months, until two mornings ago.

The first strike

Before work I poured myself some cereal, wandered over to the couch, plopped down and powered on the TV. After the set warmed up, a header image for some banking/something-another website made it from my screen, into my retinas, and slowly turned my otherwise uneventful morning into me choking on a mouthful of Honey Nut Os as I leapt over my coffee table and slammed the off button on my cable modem.

I clean up the Nut Os that I knocked on the floor and systematically change every password on my networked machines (Revo and two *laptops*). I check my router, disable my ssh port forwarding rule, kill remote admin access, change passwords, MAC addr whitelist my wifi connected machines just in case it's a local job. I read through all running processes, check my bash history, look for screen sessions, and so on. Finally I decide that I must have been brute forced, either on my ssh port or perhaps even directly on my router. My laptops should have been, and seemed to still be, in sleep mode since that night.

The second strike

So tonight I'm watching a South Park episode (a show I hate to love), about to cut out for the night, when the Boxee menu pops up. I look at the remote and back at the TV; for just a moment I think that perhaps the mouse shifted slightly on the carpet and caused the menu to activate. Then Boxee stops the video, navigates the menu a few clicks, pulls up the exit menu and closes itself. ......


Ubuntu Security :: Is My Machine Being Used For Spam

Dec 26, 2010

When I run

Code:

I sometimes see

Code:

So I'm wondering if this means my Ubuntu server box is being used for spam or something? There are no other (human) users on the computer and I don't use it to send mails.

I've run

Code:

In paranoia, but still when I run

Code:

I get

Code:

And sometimes

Code:

Just thought I should ask before starting the tedious process of reinstalling and restoring the system.


Ubuntu Security :: Access Partition From Another Machine?

Jan 18, 2010

I have installed an Ubuntu server and it is running OK. Before making it a production server, I want to make sure one day if the OS corrupts accidentally, I can still access the users' files on the hard disk.

I burned an Ubuntu desktop live CD, and booted it with this machine. There are 2 hard disks on the server, both could be mounted automatically. However, I can only access some folders like lost+found.

The questions are:

1. How can I access the other folders, given I have the root password of the server?

2. Is there a way to access all folders without knowing the users + passwords?


Ubuntu Security :: Move Files From OS To Windows Machine?

Jan 9, 2010

If I download files from the internet to the Ubuntu home download folder will that kill off Windows viruses? I also have the Avast on-demand scanner, but are anti-viruses effective against Windows viruses these days?


Ubuntu Security :: Iptable REDIRECT From Local Machine?

Nov 8, 2010

I have a server that is on a high port number, and people want it on port 80. For root exploit issues people say the server can not run as root. So to solve things I want to redirect port 80 to a high port number, say 12345 on the machine. This has been discussed all over the web, so I find I need to do this:

/sbin/iptables -t nat -A PREROUTING -p tcp -d 123.45.67.89 --dport 80 -j REDIRECT --to-ports 12345
/sbin/iptables-save > /etc/sysconfig/iptables

And I do this, and voila, things work for the whole world. All machines in the world can see the server on port 80 on the machine. Except, on the machine itself. On the machine 123.45.67.89, I try to get to the server on 123.45.67.89:80, I get a can't connect error. On the machine if I try 123.45.67.89:12345 I can connect. What am I doing wrong here? I don't want localhost network really, I want the IP address and port, but I want the forwarding to work on the local machine. But it doesn't...


Ubuntu Security :: Cannot Ssh To NFS-connected Machine / Permission Denied

Apr 18, 2011

I have, say, 10 machines, connected via NFS and NIS. There's a server which exports the /home using NFS, and exports the user names using NIS. All machines are working fine. I am able to ssh to the machines remotely and get my work done. Recently though, one of the machines (say M, for easy reference) would not allow any other machine on the NFS network [or outside the NFS network] to ssh into it. Every time an ssh attempt is made, 3 IP addresses [including the machine from which an ssh attempt was being made] are added to the /etc/hosts.deny file on M, and the error message on the other machine shows 'permission denied' after the password is entered. I tried using various options that ssh provides, but I cannot figure it out. I also tried uninstalling and reinstalling openssh-client and openssh-server on M, but it didn't change anything.

Another point to note is this: another user made use of M before, for a while, by disabling ssh passwords - so he could access M without having to enter his ssh password. That individual can still log in to M. All others who require to enter a password cannot ssh into M.


Ubuntu Security :: Stopped Forwarding All Ports To Machine In Router

Mar 1, 2011

This morning I was looking at the router's log file and noticed a certain IP address was able to gain LAN access on port 2222. That just happens to be the port my SSH server is listening on! A whois search revealed that IP address is in Germany. As soon as I found this out I stopped forwarding all ports to this machine in my router.

How to tell what had happened, what information this person was able to obtain, and if he left any goodies behind that could hurt me? I've read through some of the logs on my computer and haven't been able to find much at all. I did have some personal information on the hard drives, but that information is encrypted. I'm thinking if they were able to get my SSH password then that information probably isn't safe either (assuming they have some of it).


Security :: Check The Listening Url In The Remote Machine?

Jul 8, 2010

I am stuck on a big issue here. I just want to find the remote URL on which it listens.

I know the remote host and remote port number, but I just want to know which URL the web application listens on.

For example: Host: 1.1.1.1 & port no: 8080

But I remember the URL would be http://1.1.1.1/(something):8080

I want to find the complete URL on which it listens.

Can I achieve this with nmap or any other tool?


Security :: LAN Hacked - How To Find Infected Machine

Jul 3, 2009

I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How to detect which machine is infected? I'm using a hardware firewall. Fortigate... It's hard to configure nice logs there. Any good software? I don't want to switch off the network cable from each machine and check.


Security :: Port Mapping On A Machine Using Iptables?

Jan 9, 2010

I want to do port mapping on a Linux machine using iptables. I have a service listening on port 2000 UDP and I want to add an iptables rule which will map incoming packets on port 2001 to port 2000, so that the service will accept the connections. The idea is that I don't want to change the default port for the service, but to make internal port redirection (from 2001 to 2000), so the default service port will be filtered by iptables, and the other port will be open to the outside. The internet host connects to the Linux machine on port 2001. The Linux machine changes the destination port from 2001 to 2000 and the service (on the same machine) processes the packets and accepts the connection. I tried adding the following to my iptables rules, but it didn't work out:

$IPTABLES -A FORWARD -p udp --destination-port 2001 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 2001 -j REDIRECT --to-port 2000


Security :: Securing Machine Before Opening Up SSH Login?

May 12, 2010

I'm currently using Slackware 13.0 and have my machine behind a Linksys DD-WRT router. I believe the DD-WRT software has all ports blocked by default so opening up my machine for SSH login would only leave my system vulnerable at that port. To give an extra layer of security for that opened port, I've created the following script that would be invoked as the users' shell.

#!/bin/sh
#if SSH_CLIENT defined run nail with $SSH_CLIENT as an argument
if [[ -n ${SSH_CLIENT} ]]; then

[code]....


Security :: SSH Tunnel Not Accessible From Different Machine On Same Network

Dec 16, 2010

I have an SSH tunnel set up between a local server and a remote postfix relay VPS. This is so we can route all our outgoing mail through this SSH tunnel to a private relay VPS; this seems to give us much more consistent mail delivery than using our ISP's relay. So the SSH tunnel is set to route port 1025 on machine A to port 25 on the VPS. This part of it is working perfectly and has been for months. However today I wanted to set our e-mail newsletter software (on the same network as the SSH tunnel start-point) to send through the SSH tunnel. So I punched in the IP/port... 192.168.1.5:1025 but it doesn't work. Is there something I need to do to allow connections from other machines on the LAN to access the start-point of the SSH tunnel? Or are SSH tunnels restricted to localhost connections only?


Fedora Security :: Cannot Use The Sealert Browser On Remote Machine?

Mar 5, 2010

I have an F11 box serving xdmcp. I log into the machine remotely with xming. As far as I can tell, all X clients work fine, EXCEPT for sealert. I get occasional SELinux alerts, but I cannot use the sealert browser on my remote machine. When I try to run the browser, I get this: sealert -V -b

2010-03-05 11:27:49,841 [dbus.proxies.ERROR] Introspect error on :1.61:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus)
2010-03-05 11:27:49,842 [dbus.proxies.DEBUG] Executing introspect queue due to error
2010-03-05 11:27:49,842 [dbus.ERROR] could not start dbus: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.61 was not provided by any .service files

I see the bug at [URL].. but it does not mention the browser, nor does it say what the fix/workaround is. I'm going to stab in the dark and start relabeling things, but anyone know what's really wrong?


Security :: Logwatch Reported Possible Exploits On Gateway Machine?

Mar 15, 2011

I have set logwatch to report the logs daily; somehow, since last week, I get the message below.

A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):

/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?

[code]...


Ubuntu Security :: Blocking Linhost274.prod.mesa1.secureserver.net From Accessing Machine

Feb 3, 2011

I am trying to keep linhost274.prod.mesa1.secureserver.net (IP 208.109.14.77) from accessing my machine. Several times per evening (as far as I see) it connects to my machine, each time on a different port, and pushes up data transfer. I can't find what it does, it just pushes a GB or more over the line and then stops. I try to keep it out with UFW:

[Code]...


Fedora Security :: NTPD Error Report At Startup Of Machine

Jan 25, 2011

I've been trying to make sense out of this error report. I get it every once in a while on startup of my machine.

Code:
Summary:
SELinux is preventing /usr/sbin/ntpd access to a leaked netlink_route_socket
file descriptor.

Detailed Description:
[ntpd has a permissive type (ntpd_t). This access was not denied.]
SELinux denied access requested by the ntpd command. It looks like this is either a leaked descriptor or ntpd output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the netlink_route_socket. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc.

Allowing Access:
You can generate a local policy module to allow this access - see FAQ [URL]

Additional Information:
Source Context system_u:system_r:ntpd_t:s0
Target Context system_u:system_r:firstboot_t:s0
Target Objects netlink_route_socket [ netlink_route_socket ]
Source ntpd
Source Path /usr/sbin/ntpd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages ntp-4.2.6p2-7.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-3.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name leaks
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.35.6-45.fc14.i686
#1 SMP Mon Oct 18 23:56:17 UTC 2010 i686 i686
Alert Count 1
First Seen Fri 21 Jan 2011 02:01:09 AM PST
Last Seen Fri 21 Jan 2011 02:01:09 AM PST
Local ID fb73799a-8d3c-4d9a-8c06-a0c1b6d4814e
Line Numbers

Raw Audit Messages
node=localhost.localdomain type=AVC msg=audit(1295604069.730:15): avc: denied { read write } for pid=1731 comm="ntpd" path="socket:[14643]" dev=sockfs ino=14643 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:system_r:firstboot_t:s0 tclass=netlink_route_socket
node=localhost.localdomain type=SYSCALL msg=audit(1295604069.730:15): arch=40000003 syscall=11 success=yes exit=0 a0=8a1ad60 a1=8a1b040 a2=8a1b2c8 a3=8a1b040 items=0 ppid=1730 pid=1731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)


Fedora Security :: Connecting Machine To A Microsoft VPN Server Using RSA Authentication?

Jul 28, 2011

Has anyone got experience connecting a Linux machine to a Microsoft VPN server using RSA authentication? What puzzles me perhaps most about this topic is the absolute dearth of information. If it is not possible, can anyone tell me why?


Security :: Script To Send A Command Via Terminal To Wipe An Entire Machine Of Data?

Sep 16, 2010

Is there a script I can use to send a command via terminal to wipe an entire machine of data? If, for example, there is an intrusion, valuable data can be at risk; it would need to be erased.


Security :: Detect Viruses Inside The .vmdk - VMware - Virtual Machine Disk Format - Image?

Feb 6, 2011

I have set up a virtual machine under VMware Player 3.1.2 in Debian. The operating system of this virtual machine is Windows Server 2003. I would like to periodically test this Windows Server 2003 installation for viruses. The obvious solution would be to install AV software under this Windows Server 2003 installation. However, I was wondering, is it possible to use NOD32 for Linux or clamav in order to test this Windows Server 2003 installation for viruses? Is NOD32 for Linux able to detect viruses inside the .vmdk file?








Copyrights 2005-15 www.BigResource.com, All rights reserved