Ubuntu Security :: Installing LAMP Server On Laptop - Security?
May 8, 2011
I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?
I recently got a nice, lightly used IBM Thinkpad laptop. It has wireless capability for the Internet. Linux is the only OS in the laptop. At home, I don't have wireless-- I have a wired DSL connection for my laptop and for my IBM desktop (which also only has Linux as OS).
When I took the laptop to the public library, wireless is provided there for free and I had no trouble connecting to the system there. But since I'm new to wireless, what do I need to have installed to have a secure laptop when in the public library (or when I'm anywhere else that offers free wifi) using the wireless connection? [I use Firestarter as my firewall in the laptop and in the desktop.] Do I have to install some software to make sure my laptop is secured from spying and invasions when in the library or is the Firestarter enough? If Firestarter is not enough, what is that wifi security software by name?
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
With an Ubuntu 10.10 upgraded from 10.04, under Software Sources, Updates, there is a radio button marked "Install security updates without confirmation." I have this radio button marked, but still get "Important security updates" almost daily in my update manager. I don't remember this feature actually ever working.
I am running Ubuntu 10.04 on my laptop. I have an Apache web server running that I can access at 192.168.1.102 ("It works! This is the default web page for this server. ...").
Are there any security risks in leaving this running? Is the web server available to anyone outside my network?
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
I've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
I'm new to server admin, so my question is based on what may be a bad assumption. With a server, my assumption is "if it ain't broke, don't fix it". In other words, I'm not really interested in upgrading the software to the latest and greatest if I already have stuff working on the server.
However, the one place where I DO want to constantly have upgrades is for security patches. How do I apply security updates to Ubuntu Server... and ONLY security updates?
I've setup OpenVPN-ALS (formerly known as Adito) on Ubuntu Server 10.04 edition. I have a security router (Untangle) in front of my internal network. I have a domain name and an SSL Certificate setup on our security router. I can access our web interface on our security router with no problems.
I've setup a portforward rule on our router to access this OpenVPN-ALS portal and I can access it, but I get an invalid certificate message. So I've bought another SSL certificate to install our our Portal, but I'm getting an error message when I enter in our information at the provider where I've bought the certificate.
Common Name does not contain fully qualified domain name. I'm not sure what the problem is. Do I use the hostname I've setup on the portal or do I use the hostname on my security router when I setup the SSL certificate on our portal?
I followed this how to to make a NFS server: [url]
So it means: exports looks like this:
Quote:
Here are some quick examples of what you could add to your /etc/exports
For Full Read Write Permissions allowing any computer from 192.168.1.1 through 192.168.1.255
It means that if sbdy arrives with a linux machine, puts the ethernet cable into the router, then logs as root on his machine, and mount the exports. He can do almost everythg, with permissions chmod'ing ...
Is that LAMP, or i am wrong for nfs kernel servers, the ultimate users/password servers against that to prevent those physical approches /logins?is there good how to ?
I want to know how can I test my server security with hping3 tool I want to make a virtual DoS or DDoS or SYNK attack in my LAN to test my server security and ability against these attack .Is hping3 a good solution for this or not if yes how can I do this which option of this can make such these attacks?
I have 3 virtual machines set up. 2 are servers and one is a client. On one of the servers I have installed apache, mysql, and php and mod_ssl. I can get to the web site on the server from my client system. I can even get to the info php site--the screen that shows everything about php (it's purplish!) I can also get to the secure https site. The one thing I can't do is get my table to display.I have set up a new user in mysql. I have granted that user all privileges. I have created a table on a new database in mysql. I then set up php code within html code But every time I try to go to my test.php site it only gives me the header. It obviously cannot find the table array. This is the code and someone already told me it looked right to them. So I am not sure what I am doing wrong.
I am installing Ilias 4.1.4 is the lastes stable version on a Ubuntu 10.04 64 bit server with all the dependencies satisfied.
[URL]
Download ilias-4.1.4.zip and install on a Ubuntu 10.04 server. Now just when all the steps are done I log out since now the installation has finished immediately upon logging out I am at following URL (the installation has just finished)
[URL]
Quote:
Fatal Error: ilInitialisation::initClientIniFile called without CLIENT_ID.
I start searching net for above error and do not get any useful information.After some time I press back button and accidentally reached
Quote:
[URL]
and see some sort of screen that asks for a client ID. How can I get rid of this error
Quote:
Fatal Error: ilInitialisation::initClientIniFile called without CLIENT_ID.
I got a laptop as garbage from my company. I would like to buy an pcmcia lan card in order to use it as the first hop of my double hop firewall. I will connect this lap to my providers modem with the on board port and connect my wlan router to the second port,on the pcmcia card,which shall serve as the second hop. I have read about smoothwall as os for my lap and it sounds good.But i would like to have a monitoring of each packet, whether in or out. So i will have to install an x ui. I prefer fvwm.2. Does anyone have such a paranoid setting?
I have Ubuntu 10.04 installed on my laptop which is wirelessly connected to the router. I have a PC which is Windows XP that is connected wired to the router.Now - I understand that Ubuntu is secure out of the box and so there is no need to worry about configurations. However, a past couple of updates in Ubuntu and I am seeing updates for Samba.I understand that Samba is used for file transfer between Windows and Linux.
Is Samba turned off by defult when Ubuntu is installed - despite having a WinXP computer connected to the router? Is there any way to make sure that Samba is turned off on my Ubuntu laptop?I don't want to transfer any files between my laptop and WinXP. If Samba is enabled, then a Firewall is needed to be configured (I assume), and to me that is sort of pointless with Ubuntu.For arguments sake, if Samba was enabled on my Ubuntu laptop - what would happen to my security?
i'v recently downloaded a torrent file which happened to be a fake movie. it gave me a message stating i need coreplayer to run it and directed me to [URL].the file was an obvious fake because it had the yahoo! logo on it, but right after running it my laptop slowed down to snail-turtle speed and i had to reboot it.as i said i'm not sure whether this is a bug or a security-related threat, i should be fine by just deleting the said file, correct?
What would be the minimum iptables rules for laptops that travel a lot, and might connect in potentially hostile networks? I came up with (log rules left out):
Code: iptables -F iptables -X iptables -P FORWARD DROP iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
if encrypt my root partition with Luksformat on my laptop and the battery suddenly goes out without a proper shutdown, I stand a big chance on corrupting the luks header or key slot?
To start off I do not have the ability to post in the Networking/Wireless thread. I attend DeVry university and in my school they recently rolled out "Bluesocket." Now that they have done this I am not able to access the internet utilizing my ubuntu laptop.I am able to connect to the network. When I open my web browser I am redirected to the "bluesocket" login page where I am able to successfully log in. The next step to accessing DeVry's internet service is to allow Bluesocket to do a scan using a Java applet. That scan is successful.
The results of the scan inform me that I am not being allowed to access the network resources because I don't have an antivirus or firewall program installed on my computer. I do not wish to have an antivirus or firewall program installed on my laptop to utilize DeVry's network resources. My question is what steps do I need to take to bypass/trick bluesocket?
How do I scan a windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. First Windows computer to scan has Windows XP Home Edition Second Windows computer to scan has Windows Vista Home Basic I have Avast 4 workstation and KlamAV insalled on it. What is the steps to make my computer scan those windows computers. And how do I set up my firewall to work with firefox and empathy?
I was wondering whether or not it is possible/advisable to install and run Snort on a single laptop with a wireless router (firewall enabled)? Does Snort require root privileges and are there any other issues one needs to be aware of when installing and running software like this?
I am running Fedora 13 - 64-bit variety and using KDE as the gui. No real issues asides from machine not exactly flying, but then this is a mere core 2 duo 1.6 with 2 gigs of ram, so not unexpected...
When I run top I see 3 users indicated - which worries me somewhat... I am the only user on this machine.
I come from a Debian / Ubuntu /Gentoo knowledge-base and this laptop is a fresh install, encrypted partitions, temp has own partition (encrypted too) and obviously the firewall is on, with ssh service turned off and ssh access removed in the firewall....
is this 3 users in top normal, or have i managed to be hacked in the 3 - 4 days since I started the install ? In all this time I have been sitting behind a router when on the net.
Am I looking at a fresh install, or are there valid reasons for the extra users?
I just ran "users" in terminal and I show up 3 times - I have only logged in once, through the GUI and no extra access routes
If you have been trying to compile & install the new NMAP 5.20 scanning utility as a 64 bit user, you may have run into some issues as I did...The compiler will halt when you attempt to 'make', saying that you need to recompile using -fPIC.The fix: "./configure CXXFLAGS=-fPIC CFLAGS=-fPIC LPFLAGS=-fPIC"then rerun "make".I hope this helps someone, as it took me way longer than it should have to get this going. Enjoy the new versions as it is supposed to have 10,000 updated OS detection signatures and new scripts!
I just finished installing and configuring 'TOR' to work in conjunction with 'Polipo' and then I realized I forgot to install it Vidalia. Am I still able to install vidalia so I am able to access the GUI to get a visual on what is going on? Or will it interfere with the TOR/Polipo team?
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg !!------------------ [ 12.762633] cfg80211: Calling CRDA for country: AM
Conky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center IBM Internet Security Systems Symantec Threatcon McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those status's depending on the current value.The conky configuration allows for a semi-transparent background - though this is optional.Attached is an example image showing the 4 different colours.Also attached is an archive with the 4.sh files, .conkyrc and draw_bg.lua (from here http:[url].....
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.