Ubuntu Security :: Protecting My Privacy - Measures To Prevent My ISP From Keeping Data
Jun 12, 2010
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
View 9 Replies
ADVERTISEMENT
Aug 31, 2010
Or do you just use Ubuntu feeling safe enough without them? If you do use AppArmor and other security measures, what do you use them for? Obviously Firefox and Chrome would be two things. But what else?
View 9 Replies
View Related
Nov 26, 2010
Every developer in our organization has access to a single development server and all development ( other than basic experimentation ) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developers machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers ( ssh login ) the user onto the development server.
I am using virtualBox and ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others is more in terms of the set-up: I am attempting to resize the virtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up the entire screen goes back to ( what I believe is 800x600 ) after the Ubuntu splash screen.
The virualBox seems to have completely messed up the keyboard detection how can I rectify this?
The other is regarding the restricting of shell access I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
View 1 Replies
View Related
Jul 13, 2010
I would like to know how can I protect a file with a password in Ubuntu.
View 5 Replies
View Related
Jan 8, 2011
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies
View Related
May 23, 2010
I have two Ubuntu PCs at home and I found out about apt-cacher as a means of reducing internet usage for updates. (my connection speeds aren't that good). When I install apt-cacher, is it possible for anyone on the internet to use my PC as a repository? If so, how can I allow only computers on my LAN to access the apt-cacher cache?
View 9 Replies
View Related
Oct 22, 2010
Has anyone worked in building p2p apps and protocols? I'm talking an actual p2p network of physical devices that is strictly p2p, no servers for most things. Are there security and privacy benefits to p2p? How are addresses handled, like say you want to send a message to a specific friend but you don't have the relatively static IP system in the Internet. How are those things handled?
View 1 Replies
View Related
Jan 8, 2010
These files seem to contain browsing history:
~/.mozilla/firefox/xxxxx.default/cookies.sqlite ~/.mozilla/firefox/xxxxx.default/formhistory.sqlite ~/.mozilla/firefox/xxxxx.default/downloads.sqlite ~/.mozilla/firefox/xxxxx.default/places.sqlite ~/.mozilla/firefox/xxxxx.default/places.sqlite-journal
~/.mozilla/firefox/xxxxx.default/Cache/
Therefore I have cleared these files using an erasing program. I am wondering if there are other locations where such log files are stored for Internet browsing. I have looked in the /var/log directory and cannot see anything - for example doing a grep on http:// after browsing in Firefox does not reveal anything obvious.
View 6 Replies
View Related
Jun 16, 2010
I have LTS 10.04 with firefox 3.63 and the cookie settings are not there. Does anyone else have missing privacy settings. I dont like the idea of tracking cookies and want to do what I can to get rid of them.
View 1 Replies
View Related
Jul 15, 2009
I stumbled across this privacy app today, it's sort of like a CCleaner for Linux. I only see one mention of it in the forums, and I'm wondering why nobody's using it. It seems to be pretty thorough and preforms as they advertise, the site says it has overwrite capability but I'm not sure what algorithm it's using, as I haven't looked at the code. Anyway seems like something that ought to be in the repos.[URL]...
View 14 Replies
View Related
Dec 6, 2010
I had 10.04 in my netbok but something happened, packages failed to install, all sorts of errors when shutting it down, kernel panic when switching on again so I've decided to just install it again. I've got 10.10 running from a LiveUSB drive right now and I'm going through the installer. I want to just tell it to use the exsting partitions, dont bother formatting, just install the new OS on top of the old one so I can keep the user documents etc How do I do this? I picked advanced partition management in the installer, pressed Change on sda1 and gave it a mount point of / but now the "format partition" is ticked and greyed out.. i dont want to format this partition, I just want to install to it
View 1 Replies
View Related
Jul 28, 2010
I've finally had enough of Windows and have decided to go with Ubuntu. However I hope someone can help me with this query... I currently have a single hard drive which I have partitioned under Windows into two. The old C:drive holds software & the windows O/S and the D: drive is where I stored photos, documents, etc. Can you tell me if it is possible to install Ubuntu into the old C: partition and leave the d: partition in tact (for a few weeks to ensure I have backups of everything on here). Alternatively, if I add a new drive and install Ubuntu onto there, will I still be able to access the old D: partition (or would I need some kind of dual boot config)?
View 3 Replies
View Related
Oct 4, 2010
My friend just got a gaming laptop that he won't let anyone else use (his last one got infected when his girlfriend surfed on it for just one hour -- he refuses to use antivirus since he claims he knows how to keep clean, but he doesn't trust others).
Because I used Linux a bit once, I said to him what if I could promise not to make any changes to your hard drive, and I told him that I was pretty sure I could boot to a live cd and then only write files to a usb key. He's actually willing to let me try (I showed him some linux sites I was looking at, and he believes me that we can do this).
1) Is there anything I either MUST do or else must NOT do to make sure I make no changes to his laptop's hard drive? And so that any changes are only going to go on the usb drive I hook up?
2) Since he's got an i7 processor, I assume I should get a version of ubuntu that supports 64 bits, right?
View 6 Replies
View Related
Dec 2, 2010
A US ISP's "privacy" policy basically states that they will collect any and all of your data (email, posts, surfing etc ) and then "share" it". direct me to a "checklist" which can suggest counter measures for non-geeks? How can we function if we cant trust our ISP? Are there some specific 'tricks' in Ubutu to foil rogue ISPs? If yes, it would be a great 'selling point', especially for professionals concerned that rogue ISPs could "share" their intellectual property.
View 9 Replies
View Related
Jun 15, 2010
I'm currently setting up a server with 2x 1TB disks in raid1. (Centos 5.5)In the future, if the storage is insufficient and I decide to upgrade the disks to 2x 2TB, could I just:
- dump ghost image of the array on usb drive
- replace hdd's and build new array
- ghost array with image created previously
Would the above work, will the new partition automatically resize to 2TB or do I need to partition right now with LVM? would it work with LVM?
View 1 Replies
View Related
Jun 6, 2010
the data usage information from the carrier is often several hours old and is accessed in some arcane ways (logging into their website, sending a specific SMS message at best). Here's my idea: single-session data usage is perfectly reported by ifconfig ppp0. The problem is, how tokeep track of previous sessions accumulate the numbers rollover to zero at specified date To be able to do this across computers means that one needs to store it on the modem/SIM card itself. (As a specially crafted SMS message, or a contact).
View 2 Replies
View Related
Sep 26, 2010
I know how to forward ports in my router. Now I need to open a port to help with testing a project and no matter what I've tried, every port under 1055 shows up as stealthed (with 1-71 closed) according to Shields Up! I'm happy to run it at a port > 1024, but whatever I try also shows up stealthed. I even tried (briefly) turning on DMZ and still the same thing. My ISP swears that they only block port 80, 21 and 25, none of which I'm trying to use. UFW status reports inactive and I'm not using firestarter. I'm not running any other server (apache, light speed etc). If it's not my router and it's not my ISP, and there's no other server apps running, then that kind of leaves Ubuntu as far as I can see,
View 8 Replies
View Related
Jan 7, 2010
I've recently built a VM appliance using Ubuntu 8.04 that is given to customers for an easy deployment of our software. Ubuntu works great in a VM and its perfect for our software (which is a web application).
Some customers are paranoid (rightfully so) and they will run a vulnerability assessment on the web application. A particular customers' assessment fails as it finds that the appliance isn't running the latest version the Apache web server. I thought that just running "apt-get upgrade" would upgrade all of the software packages to the latest so that failures in the assessment caused by outdated software packages would be resolved... However this is not the case...
I realize that there is a probably a whole process for submitting/approving the latest versions of software packages in Ubuntu, that then get pushed to the repositories - But how does this work? What exactly does "apt-get upgrade" do if it doesnt upgrade packages to the latest?
For example: I need Apache 2.2.11 to fix a particular vulnerability. But when running apt-get upgrade, it doesnt actually upgrade the Apache version number (or any of the other packages). I'm stuck on Apache 2.2.8, and I can't find a .DEB installer for 2.2.11 or later.
View 5 Replies
View Related
Mar 29, 2011
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
View 9 Replies
View Related
Jul 14, 2011
Windows have many firewalls to prevent the system. But Ubuntu have few. Why is it so? Is it not needed to prevent Ubuntu or if it is prevented?
View 5 Replies
View Related
Mar 11, 2010
I have installed MoBlock as instructed here: [URL]
After installation I created my own list file in /etc/blockcontrol/custom-blocklist.p2p and have the following uncommented at the bottom of /etc/blockcontrol/blocklists.list:
Code:
locallist /etc/blockcontrol/custom-blocklist.p2p
The list contains the following 2 entries:
Code:
Yahoo:98.137.149.56
Google:74.125.47.147
When I do:
[Code].....
Recently I just noticed that the locallist rules seem to have no effect. I will always get "destination port unreachable" even if the locallist entry in blocklists.list is commented out.
However, whenever I try to browse to that IP, even when blockcontrol is on, even by typing the IP into Konqueror (not the domain name), it lets me go there every time. How can I know that my other applications will not to do the same thing? How can I lock this down and test it empirically to be sure?
View 1 Replies
View Related
Jul 16, 2010
I'm writing here because it's mainly a security issue even though it's rather kernel related.
I'm compiling my own vanilla kernel with an initramfs included in the bzImage. That image contains encryption keys for the rest of the system. Even though it's not for everybody the initramfs image can be extracted from the kernel, decompressed and the keys extracted.
I'm looking on a way to prevent this.
View 3 Replies
View Related
Feb 5, 2011
How do I prevent/disable a file from being copied?
I would want someone to be able to see the content of a directory, then open the relevant document, but just for viewing purpose. They cannot copy the file, either through copy + paste or File/Save As.
Is that possible under Ubuntu?
View 4 Replies
View Related
Jun 15, 2011
I am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
View 2 Replies
View Related
Oct 8, 2010
I have been learning Linux for the past few months and just recently started with Bash programming. Using scripts it is possible to find users with duplicate UIDs but is there any way or script why which duplicate UIDs can be prevented altogether.
View 7 Replies
View Related
Jan 4, 2010
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
View 9 Replies
View Related
May 18, 2011
The ability to manually boot using the Grub command-line constitutes a big security risk in Linux, IMO.Any OS can be booted in this manner from a PXE-LAN, USB, or CD/DVD drive, circumventing BIOS-imposed boot restrictions. (Once a foreign OS is booted, of course, it can be used to access any part of an unencrypted hard drive.) Placing passwords or locking menu items (in the Grub configuration files) does not prevent a user from booting manually using commands entered at the grub command-line.
As it stands now, when presented with the Grub menu (or after bringing up a hidden Grub menu with the "ESC" key), a user only needs to hit "c" to enter the Grub command-line mode to facilitate any type of bootup whatsoever. (They can then enter manually the Grub commands to boot an OS on any device.) This is extremely insecure and allows any passerby to boot the computer with a few keystrokes and a bootable USB drive. How do I configure Grub so that it will require a password in order to enter the command-line mode (and thereby restrict boot options to the menu, which can then be password protected/locked) ?
View 8 Replies
View Related
May 11, 2009
I am new to Fedora 10, and to SELinux too.
I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.
View 2 Replies
View Related
Jan 25, 2011
recently my Apache server crashes very often; by watching the error log,I've notice several signs of intrusion.So, I think the problem can be a denial of service attack against my machine.My distribution is Debian Lenny.
View 2 Replies
View Related
May 23, 2010
how to prevent same user from ssh to multiple linux server at a same time , anyone of you have the script or how to do that ?
View 16 Replies
View Related
