Ubuntu Security :: How To Setup Web-facing Ssh Server Securely

Oct 18, 2010

I have a small network at my office (3 workstations, 1 ubuntu desktop that I'm using as a file server). I'm using a WRT54G2 router for networking and internet connectivity. Here's what I'm trying to accomplish: I want to be able to access my little file server from home, across town. I think ssh might be the best way to go now. What I don't know: How do I set up the ssh server on my machine/network without compromising my network security and the security of my server? Do I just set up port/ip forwarding on my router, install openssh, and that's it?

Ubuntu Security :: Opening FTP Service On Public Facing Website

Nov 4, 2010

I'd like to know if this is a common security flaw or normal to open up FTP to the public, which is of course protected with a password, for 3rd party access to maintain our public facing / production website?

If yes, what sort of FTP application to install in Ubuntu?

Security :: Public Facing OpenVPN - Open Any Ports On The Router / Firewall

Feb 14, 2011

Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interface is plugged into the public internet network and the second interface is plugged into the private network.

Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]

If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.

Ubuntu :: Use Swat Securely From A Secure Location?

Aug 6, 2010

How can you use swat securely from a secure location?

Security :: Opening FTP Service On Public Facing Website For 3rd Party Maintenance Access

Nov 4, 2010

I'd like to know if this is a common security flaw or normal to open up FTP to the public, which is of course protected with a password, for 3rd party access to maintain our public facing / production website? If yes, what sort of FTP application to install in your Linux webserver?

Security :: Backup Securely With Rsync?

Jul 11, 2010

To copy from production to standby over the internet I use a cron job doing rsync -avze 'ssh -p 8022' --exclude-from= ....

My question is: should the cron job run on the production or the standby system? Root access to the remote system is given by a pass phrase-less ssh key. Currently I run rsync on the production system. I guess that it is more secure because the standby needs no ssh login to production. Running rsync on the standby would use less resources on production. I am concerned that in this case there would be pass phrase-less access from standby to production.

Ubuntu Security :: Securely Delete File In TrueCrypt Volume

Jan 4, 2011

This one being Ubuntu 9.10 (yes, I know I really should upgrade). I keep a number of confidential files in a TrueCrypt container which is a standalone file in my Documents folder. I'd like to delete some of these, but I want to do it as securely as I can, but I believe if I simply hit 'Delete' with the file selected it'll move the file to the Deleted Items folder. This, I assume, means that the file is taken out of the encrypted volume and stored unencrypted in the Deleted folder.

I've been reading a little about the Shred command, and there seems to be some question about whether it works effectively with a journalled file system; and since I have no idea whether I'm using a journalled file system, or how to find out, I'm treating Shred and other over-writing secure deletion tools as ineffective for now.

With this in mind, can anyone advise me how I can protect the file stored in the TrueCrypt volume, and delete it in place, without taking it out of the encrypted area? And, further to that, can anyone tell me whether in fact the file is actually secured while it's in the encrypted volume? For all I know, just opening the volume may result in copies being made somewhere (apart from RAM).

Ubuntu Security :: Transferring Sensitive Data Quickly And Securely?

Jun 27, 2011

My company needs to send sensitive data across to another company, 800gb of .dpx. The way I have thought of is:
E-Sata/1TB WD black.
True-encrypted/ hw accelerated aes (3x machines being built with 2600k)
Sha1sum on each file.

The main goal is to make sure that
1. The files that were transferred off the server onto the drive, are exactly the same.
2. Secure.
3. Fast.

Security :: Running Services Securely - Chroot And Virtualization?

May 26, 2011

I'd like to run a Tor relay, but am trying to understand the security implications. For some time I've run my torrent client in a VirtualBox virtual machine, which is run as a very non-prived user, bridges directly to The Internets, and writes to one directory on the host. My belief is this is about as secure as it can be, but am open to suggestion. If I run a relay in the VM it wouldn't be associated with my use of Tor as a client, which is fine since there is no technical need for them to be connected and it's desirable for security. I read that chroot jails can be broken, particularly when run as root, so I don't really trust that. Also studied a vserver, but it must share the network setup which doesn't strike me as isolated enough.

Server :: Secure Bind 9 For A Public Facing Dns

Jan 20, 2011

I am just about to undergo a new piece of freelance work myself on Bind 9, but it has been ages since I have done this; this was on my own LAN with port 53 blocked from outside, so mine is not public facing.

But this project is. What should I set up to make this truly secure? Just to recap on my thoughts as well, forward resolving is Domain -> IP, isn't it? Then reverse is IP -> Domain, isn't it?

Server :: World Facing File Sharing Protocol?

Sep 7, 2010

I'm trying to decide on how to host and serve files to multiple operating systems (Linux, Mac OS X, Windows XP and Windows 7) over the internet. I'd like this to be secure (obviously), but don't want to use SSH tunnelling. Ideally, this would be something which could be persistently mounted on the client machine (a network drive in Windows, likewise in Mac OS X and Linux) and wouldn't require the installation of extra software on the clients. I thought about samba, but I'm not sure if it's secure enough to be internet-facing. Would FTP fit? Presumably it's possible to have encrypted connections only and limit connections to a specified number of client IPs.

Networking :: Using A Public-Facing SSH Server To Broker A Connection Between Two Clients?

Feb 22, 2010

I'm sure this is possible... I'm just not sure how. Yet! I have three machines. One is at home behind my firewall and has a dynamic IP. That's fine as I don't really want to open any ports on my home firewall. The second is at work sitting behind the firewall there- and I'm not even going to ask for approval to NAT an IP to my PC at work :-).

The third is in a data center far away. I only have a shell account on this server but other than that shell account not being root, I can do most anything I like with that account. What I would like to do is SSH to this server simultaneously from my home and work PCs and, via this third machine, make them talk.

This is pure geekery so it doesn't matter what they say to each other; I just want to make them talk. Maybe one uploads a file and the other just pulls down that file. Maybe one opens a FIFO on the remote server and starts writing to it while the other starts snarfing that data. In fact, I like this latter idea best, I think. How would you do it? What scripts (fired by cron if need be since I'm ostensibly away from at least one of the PCs at any given time) would you use?

Security :: SSH Setup To Secure Server In Best Way

Feb 12, 2010

I'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what I would like to accomplish. I have SSH set up on a Linux box in an offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.

Ubuntu Security :: Ways To Secure Server Setup With Apache?

Jun 19, 2010

I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?

Fedora Security :: Setup Protected Web Directories On Server F8 32bit

Dec 19, 2009

I am trying to set up Protected Web Directories on my server, Fedora8 32bit. I have webmin 1.5 and there is a Protected Web Directories option, so I follow the instructions and set up all that is asked; in the dir that I need to protect, 2 files show up:

[Code]...

Security :: Setup Postfix On A Standalone Server Connected Directly To The Internet?

Jul 1, 2010

Venturing into unfamiliar territory so I'm hoping someone can help me and make things a little more understandable for me. I have set up Postfix on a standalone server connected directly to the internet. I have got inbound and outbound email working for the most part, but I am worried about security. My fear is that if I leave port 25 open to the outside world spammers will find this and start relaying mail through it and eventually blacklisting the IP attached to this box.

For now, I am hosting mail for a single domain and single user (me) with a few aliases. I plan on expanding to IMAP and SMTP access from the outside at some point, but for now I've been using Mutt in a shell and it's fine for my needs for now.

Here are my current Postfix settings:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases

[code]....

Debian Configuration :: Setup A NFS4 Server (no Security, Local Home Network Behind FW)?

May 30, 2010

I'm trying to set up a NFS4 server (no security, local home network behind FW). It seems that I'm missing something because 'rpcinfo -p' does not list v4 for NFS:

petit-pois:/home/eric# rpcinfo -p

[Code]...

Security :: Setup A Kerberos + OpenLDAP Server To Manage Users For Our Samba Shares

Feb 13, 2011

Trying to set up a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can log in and manage principals from both the local terminal and remotely on other clients.

I have set up a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.

When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.

Security :: Write A Shell Script Setup Security Policies?

Feb 3, 2010

Is there a way to delete files on the commandline that uses the KDE-Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)

Fedora :: Facing Trouble While Sending Mail Using Sendmail

Nov 30, 2010

I am facing a problem while configuring sendmail as my MTA. My problem is that when I try to send mail from root to a local user account (any user existing on my local machine), I am getting an unknown user error, but normal users can successfully send mail to root, while the root account cannot. I can successfully compile sendmail.mc without any error and the sendmail daemons start successfully. When I try to send mail from the root account to a local user account, I get a "Returned mail: see transcript for detail" (which has the following detail)

Server :: Unable To Setup A NIS Server Setup On CentOS System

Jan 19, 2010

We are trying to set up a NIS server on a CentOS system. We need to have a NIS server which can provide NIS authentication to a couple of clients. We are practically new to all this stuff.

Just googled to find some ideas about installing ypserv and ypbind and portmapper. We did all that and also started them successfully. But now the clients are not able to join to the NIS domain . The error log states "YP_DOMAIN NOT BOUND".

I guess we have not entered the /etc/yp.conf, /etc/hosts files properly. Please let us know the detailed steps to set up a NIS server.

Also, please let us know what entries should go into the different /etc/<file_names>? What is meant by HOSTNAME in the /etc/hosts file?

Are there any other files which need to be changed? Are we missing any steps?

Also to add-on, while executing the ypinit command we faced the following error:

At this point, we have to construct a list of the hosts which will run NIS servers. localhost.localdomain is in the list of NIS server hosts. Please continue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>.
next host to add: localhost.localdomain
next host to add:

The current list of NIS servers looks like this:

Is this correct? [y/n: y] y

Error running Makefile.

Security :: Define An Appliance Based On Suse For An Application Server And Web Server Apache - Best Network And Security?

Feb 6, 2010

We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?

Debian :: Ubuntu Local Mirror Setup For FAI Server Setup?

Apr 24, 2011

I want to setup a FAI server for which I was looking for the best method of mirroring the Debian Lenny. I want to setup a local mirror with the best method available for mirroring. If it is ftpsync, please provide me some best ways of doing it. I tried ftpsync mirroring but that was not getting properly working due to insufficient I want this mirror to be accessible in my FAI setup so that I can start the installation on multiple machines and start the updates and package installation to be done from the same local mirror.

Debian :: How To Securely Erase HD

Feb 18, 2011

I have Debian Squeeze installed on my old iBook G4 mid 2005. The computer has been giving me a hard time and I want to sell it for parts. Before that, however, I'd like to erase the hard drive securely. Is there software that this forum recommends for erasing hard drives completely and securely? Is there a Linux equivalent for something like DBAN which can be installed on a CD and then boot the computer from it?

Ubuntu Servers :: Securely Route All Traffic On The Client?

Mar 22, 2011

I am running Ubuntu Server 10.10. I have installed OpenVPN using this guide. I have set up everything correctly as this guide says, but I am having problems with the config file. I want to securely route all traffic on the client to the server; however, the server will not start. My config is below:

Quote:

#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #

[Code]......

The server's IP is 10.0.0.65 and I want to assign the clients the IP range of 10.0.0.200 to 10.0.0.20. When I try to start the server I get the message Fail.

General :: Setup A SMS Server, Appropriate Distribution To Setup A SMS Server?

Oct 22, 2010

How to setup a SMS server using Linux, also want to know the appropriate Linux distribution to setup a SMS server.

Slackware :: Securely Browsing The Net - Using SOCKS?

Jan 30, 2011

I read this article: [URL].. (Alien for all packages and howto) but I have some doubts. Let's see if I understand correctly. In practice, we open a port (8888 for example) on the local PC on which you made a ssh tunnel to our server, right? Who resolves the DNS? Our remote server? With this technique are we safe even when sending data through unencrypted protocols like http (not https)? An administrator who wants to see what we visited, what would he see in his log?

Fedora Networking :: NetworkManager Won't Connect Securely Under F10?

Feb 3, 2009

I loaded F10 up on my laptop a few nights back. NetworkManager connects via Ethernet just fine. It will also connect wirelessly, but only when security is disabled. I've been using 128-bit WEP.

When I try to connect using security, this is what appears in the log:

Code:
Jan 29 21:07:17 localhost NetworkManager: <info> Activation (wlan0) Stage 1 of 5 (Device Prepare) complete.
Jan 29 21:07:17 localhost NetworkManager: <info> Activation (wlan0) Stage 2 of 5 (Device Configure) starting...

[Code]......

General :: How To Send A Large File Securely

Aug 28, 2011

I need to send large files from a Linux machine to another using cryptography. The sender machine knows the recipient IP but not vice-versa. I don't need strong cryptography and prefer higher-speed less-secure solutions.

There are no problems with presharing crypto keys but I'd prefer not dealing with SSH users creation.

I am thinking of HTTP PUT over TLS, but I never had experience with it and I prefer to hear which are the possible solutions. I know that it can listen as a daemon but I don't know anything about cryptography. So piping with OpenSSL may be a solution.

General :: Patch Redhat And Debian Securely?

Jan 25, 2011

How to patch redhat and debian securely? I mean, is there something like Solaris live upgrade, where if something goes wrong after the upgrade I can revert to the previous state from before the upgrade?
