I'm running behind a 2wire NAT Router with only have smtp, www, pop3 open routing to my ubuntu VM server. Network also includes three other ubuntu VM server's and a Desktop. I'm the only one on the network so my question is, what security risk is there running WireShark as root? Because running it under dumpcap is horrible after you quit. It hogs up all the resource to remove the dump.
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
The Wireshark website specifically warns against running WireShark as Root....
Quote:
Administrator/root account not required!
Many Wireshark users think that Wireshark requires a root/Administrator account to work with.
That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.
First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!
Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.
So you have to run wireshark as root too see the interfaces which I'm ok with but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read write access to the system but what I am wondering is why is that BAD for wireshark? What could potentially happen? Can someone expand on this?
want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
The error is as follows: kernel: Uhhuh. NMI received for unknown reason 3c on CPU 0. kernel: Do you have a strange power saving mode enabled? kernel: Dazed and confused, but trying to continue
Was trying to use wireshark to pen test my network and I can't get it to work properly.When capturing on my main wireless card wlan0 atheros ath9k the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:
(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'
I am doing security stuff under linux... I've heard of Wireshark and Snort and dsniff and have been reading up on them on wikipedia pages but the big picture is not clear to me yet. Are things like Wireshard and Snort BASED on the functionality of iptables in Linux? I read that you have to be root to run iptables, but not to run Wireshark right? Yet Wireshark is dependent on iptables.
Is there a 'plugin' for wireshark to analyze traffic and spot infected (windows) hosts? I have been using nepenthes with no luck. (and doubt all hosts are clean) is there some better way (other than using antivirus on each host)?
Is suid disabled from running all home made bash scripts or just from running them as root or:
Who would know for sure.
I googled several combinations of Mandriva Linux how-to suid disabled setUID etc... so far all I found was "many distributions are disabling suid for security reasons" nothing specific.
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
Is It possible to change a process running in root-user to non-root-user by setting suid / uid / euid / gid etc... I so please instruct how, when and wat to set in order to change a process running in root-user to non-root user
I was wondering about the security implications of running a GUI in a VM. I know that a GUI adversely affects security, but don't know how this works when visualization is thrown into the mix.
1. Is the security of the host OS affected by the presence of a guest OS with a GUI, or is it just the guest OS that would take the hit?
2. If the host OS does not have a GUI, and the guest OS does have a GUI, would it be possible to see the GUI of the guest OS?
In maverick, I made a menu shortcut to be able to run nautilus as root (gksu nautilus), when I need to (for example, to clean the /var/apt/archives or anything like that).When I used this in intrepid, karmic or lucid, this worked fine.In maverick, when I do so, I always afterwards have the gnome desktop of root and still the rights of root outside nautilus. I have to logoff and re-login as my user to see my personal background and gnome environment again.
I have an external usb hard drive that spins down every 10 min. The commands in 'hdparm' do nothing to override the internal settings. So, I wrote a script to touch a file every 5 minutes, and it will run as root because of the mount command, and I want it to run for every user. The script is executable, owned by root, and root is the group, with 755 permissions.
no_sleep.sh in /usr/sbin:
Code: #!/bin/bash # Script to keep external drive from spinning down diskmounted=$(mount | grep Backup | wc -c)
I like cleaning up my install with Bleachbit. I see that when you install it, it also install Bleachbit as root. What is the difference between this and the user version and is it safe to use it as root? I am assuming it cleans up stuff on a deeper level but have always wondered about how safe it would be to use.
I've been searching the web on this, followed up hints and tips (e.g. URL...) but with no results.I'm running Ubuntu 9.10 on 3 disk configuration: 1: 80GB SSD running root with /home mounted to the next disk 2: 250GB HDD where /home lives 3: 250GB backup of disk 2
My system is complaining since just now with:The volume "file system root' has only 640MB od disk space left
I just installed Wine (1.1.3* dev release) and installed Notepad++ (OSS) and Net Meter (Freeware, the latest beta is actually OSS too). I also intend to install a few other things later. The only failure so far is the latest WinSCP So it made me wonder about what running a process/software as "root" actually means. When I use U.S.C or 'apt-get install' to install software on my computer, and type my password, it displays that keyring icon on my systray.
Does this mean I am root at that moment? And how about running wine, the wine processes, and any windows *.exe I'm installing and running? I basically am afraid that I am running all the wine-related stuff as root, even though there is no indication that I at least have elevated privileges. What is/are the worst-case scenario(s) about wine?
KDE panels look strange with black colors when I login using root account.Is it possible to make KDE look normal? I am using root account because I spend most of the time performing administration tasks and I don't want to type my strong password so frequently.
I am trying to run my script at startup but it doesn't run the script as root. Do I need to add my root username and password in the script, or somewhere else?
Code: #!/bin/sh echo "Minutes to shutdown after:" read input_variable
[Code]....
i wanted it to open a terminal with root access but i cant see mto get it to open and prompt for a password gksu gnome-terminal -x sh /path/to/script.sh
I have some software that I need to run as root, I know I can open a terminal and su etc. if I was going to stay there to control it, that would be fine, but as the software is graphical, I would like to click it's icon, be prompted for the root password, then have it start.
I'd like to run my Apache start-up script under my own userid and not have to su over to root each time in order to run it. But if I run the script as myself I get errors on the "/usr/local/apache2/bin/apachectl start" portion (which is the 'main' purpose of the script):
(13)Permission denied: make_sock: could not bind to address [::]:80 (13)Permission denied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs
I don't care to waste anymore time just now, or spend anymore energy just now trying to resolve *those* problems. The script works fine when I execute it logged in as root (su). I've changed the permissions to 4777 so that *me* running the script that is executed *as root* should work:
ls -l apache_up.sh -rwsrwxrwx. 1 matt matt 1114 Jul 22 16:42 apache_up.sh But it still gives the above errors. I thought changing the sticky bit would work. How do I run this script myself and have it execute the "/usr/local/apache2/bin/apachectl start" command - so that I don't have to su each time?