The default Firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user.Isn't this a security risk or is the user whether ufw is enabled or not secured from external threats?I am not much knowledgeable about network security But I am trying to understand the Ubuntu mentality behind this default setting.
View 4 RepliesThis page [URL] shows how to enable apparmor firefox profile. Why isnt apparmor firefox profile enabled by default? I would postulate that this would be because there must be some limitation by having the profile enabled. If so, what would the limitation be?
View 9 Replies View Relatedhow efficient and effective are these snort, argus, ossec etc etc for an organization having 3500 PC Network, connected through 700+ Cisco Devices (Layer 2 and Layer 3), and scattered on 130 different sites (geographically)? what should be the combination of products and what should be the architecture for an efficient forensics activity?
View 2 Replies View RelatedTo avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View RelatedAs it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then
View 10 Replies View RelatedI installed 9.04 clean yesterday to try and once again move from Windows to Linux and I thought I would give it a real try this time to learn the new OS. Well, right off the bat my wireless connection does not work. By default my WPA/WPK security was set on my router. My wireless adapter does connect to the router but there is no internet access. If I remove the WPA/WPK security and leave it open I can connect and I do have internet access but as soon as I re-enable WPA/WPK security I lose internet access. I even tried WEP security and same result. What the heck is going on with this? I am not going to leave my router unsecured but that seems to be the only way this works. I also upgraded this morning to 9.10 and same problem so this is not limited to 9.04.
View 4 Replies View Relatedi am using 9.10 karmic. Firewall is enabled. added ports with ufw allow [portnumber], and i still cannot connect to a port number. iv tryed ufw allow ssh/tcp but that does not work. the ports work when i disable the firewall and i dont want to do that.
ufw is available in all new installations of Ubuntu since 8.04 LTS, but is disabled by default. The standard Ubuntu installation has a no open service ports policy, so enabling the firewall by default doesn't gain any extra security in the default installation, but could provide confusion for people new to Ubuntu when new software that is installed does not work because of restrictive firewall rules. As a result, when first adding ufw to Ubuntu it was decided that users must 'opt-in' to using the firewall. In Ubuntu 9.04 and later, you can enable ufw during installation using preseeding. See /usr/share/doc/ufw/README.Debian for details.
right now i have vsftpd server installed for FTP access. I originally set it up for both FTP and SFTP, but found that SFTP disregarded any and all permission settings and user jailing that i had set up... so I am switching to just being standard FTP
so here is what's happening:
i've tried to disable SFTP in the sshd_config file, but i am still able to log into the ftp server under sftp through port 22 (which normally is ssh?) i've tried all kinds of things short of just blocking port 22, however I would prefer to be able to remote into my server via Putty (which has access restriction to ONLY allow my admin user account over ssh)..
I decided that I'd torture myself and try to get a server up and running with SELinux fully enabled. I so far have figured out virtual hosting, vsftpd, and SSH to work with it nicely, but I can't figure out what to do to get AWstats to be viewable through a browser with SELinux enabled. This is what I get from /var/log/messages:
Code:
Mar 19 15:09:34 localhost kernel: type=1400 audit(1237496974.987:69): avc: denied { getattr } for pid=4769 comm="httpd" path="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl" dev=sda1 ino=1267968 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_awstats_script_exec_t:s0 tclass=file
Mar 19 15:09:34 localhost kernel: type=1400 audit(1237496974.987:70): avc: denied { getattr } for pid=4769 comm="httpd" path="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl" dev=sda1 ino=1267968 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_awstats_script_exec_t:s0 tclass=file
Could someone explain to me what I should be looking for in these messages? Or what I would need to do to fix it?
I have installed CentOS and Redhat5 on a LVM partition and selinux is enabled. Both OS's share the same /home partition with one user with the same login(gc) and same uid (1000). The problem I am having is that gc can login with all permissions etc on the OS that was installed first (CentOS). For the redhat OS gc can login but cannot write to the home directory (or startx since X needs to write to Xauthority)Here are outputs - 1st CentOS
[gc@shuttle ~]$ ll -Zd $HOME
drwx------ gc gc system_ubject_r:unlabeled_t /home/gc
[gc@shuttle ~]$ stat $HOME
[code]....
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View Relatedlove security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies View RelatedIs it possible to install security lab menu on a normal Fedora 13 installation? I don't want to use security spin.
View 14 Replies View RelatedI've started a new job and have inherited a couple of RHEL4 64-bit servers. The firewall on them is currently disabled. I'm struggling to get them up and running as iptables is not the most user-friendly application. This lead me to downloading and trying a GUI front-end: Guarddog. Great app! But it doesn't have the default behavior I'm looking for. Here is what I need:
Default behavior: Firewall should be wide open, allowing ALL ports/IP's/TCP/UDP in and out of the server.
Blacklist: Oracle TCP port 1521 needs to be blocked in/out of the server.
This will help get us passed our company's security vulnerability scan. (We aren't able to patch/upgrade Oracle at this time because we'd lose vedor support with a legacy app). I will use these settings as a starting point, and then once I learn more and get more comfortable with iptables (or a GUI app) then I can fine tune things to make them more secure. As far as I know (correct me if I'm wrong) once I get a script I just copy it into /etc/rc.firewall and it will load when iptables starts.
I think this counts as a security question. I didn't know where else to place this.It's really preventing me from doing some things, such as setting up the Empathy IM program for chatting and whatnot, and this default keyring really haulting any progress I can make on that front. It also pops up when I'm just booting up the laptop. My brother set the password and then forgot, so he tried all of these passwords and it would never work. It always pops back up several moments later and reiterates its question. It goes away when I click on 'Deny', but now I can't follow that same route when trying to set Empathy IM Client up. I would like to either do away with this password requirement, or just change it to something I can easily remember
View 1 Replies View RelatedI've read that blowfish encryption is much faster and still safe enough to transfer files between hosts.What's the default encryption used by openSSH? (if not already blowfish)
View 2 Replies View RelatedI am currently trying to best configure my Natty Narwal linux distro. At boot, the system is configured to automatically connect last Wifi network. When I connect to the WIFI however a whole bunch of instructions are loaded in the IPTABLES.
View 1 Replies View RelatedGirlfriend with a problem: she needs to sign up at the unemployment office in Spain. She is here in China. But for reasons unknown, she can't access the bit which she needs to. It says: 'can't set the browser' Java is enabled and so on, we read the instructions. On her windoze computer, she has a digital certificate. I copied it onto my mem-stick. When I try to copy it from my mem-stick to my Linux machine, I can't. Not even as root! The folder is called 'certificado digital' and contains two folders:
Trash.(tilde)1 and VM_Ware_Workstation They both have some kind of encrypted stuff inside. Can this certificate be installed on my machine?? Trash has 5 things, VM_Ware_Workstation has 3 things. The guy who set this up for her told her she must use Mozilla. Is a certificate only valid with a particular browser?
I am currently trying to make my computer as secure as it can possibly be. I am configuring the firewall to be restrictive by default, but I have some programs that are still unable to connect to the internet.
1. Pidgin Internet Messenger (I use AIM and MSN)
2. Skype
What do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies View RelatedI installed Ubuntu Server and want to change the default user name to increase the difficulty of accessing the server.Is it possible to do this? If not, can I effect the same change by creating a new user and transferring over permissions, files, and etc.?
View 7 Replies View RelatedAre the default firewall settings of F10 without any modification, sufficiently secure for general usage and to bridge the timeframe between a fresh installation of F10 and the time before the security updates are applied?imilar to how Windows firewall is set without any configuration, or do I need manually configure it to be somewhat secure, or something like Firestarter.
View 14 Replies View RelatedOK I have multiple developers on a system and I have setup a area on the web server where they all should have access to and all that fun stuff. Now I do not want to setup these developers default group to be this single group cause they could be members of multiple groups...
IE:
/var/www/cust1 - Group Cust1
/var/www/cust2 - Group Cust2
etc...
Then say for the developers:
dev1 - member of Cust1 & Cust2 - Default group is dev1
dev2 - member of Cust2 - Default group is dev2
dev3 - member of Cust1 - Default group is dev3
So when they go into say /var/www/cust1 only dev1 & dev3 should have access to modify files and when they create/edit files the owner should be the user and the group I want it to be Cust1. Then when going to say the Cust2 area new files and stuff have Cust2 group access with RWX.
Is this possible for users to just use their normal accounts, or will I need to look are setting up "project" accounts where they can su into say dev1cust1 account which will have the default group of Cust1?
how you all handle this and what I might be able to do so that the permissions stick.
Is there any setting to connect ssh server using default profile.
for example if I run
ssh user@ssh_server_ip '/bin/bash --norc --noprofile'
it will skip user's login profile(/etc/profile,/etc/bashrc,~/.bashrc,~/.bash_profile)
Can i do some settings in ssh server that deny profile skipping by client.
I don't think it would be harmful to run ssh on the default port of 22. Especially since the machine will only accept key-based logins and only accept traffic on port 22 from external IP addresses that I specify.
View 8 Replies View Relatedhow secure a default install of Xubuntu desktop 10.04 is when connected to the internet with a routable, public ip address. If anyone can give some recommendations on any changes/additions they would make to improve security
View 2 Replies View RelatedWhich are the default trusted root certificates in Java 1.4? How can a 4096bit certificate be installed in Java 1.4? (as it seems to produce an error).
View 2 Replies View RelatedDoes anyone know why files in /boot are world-readable (particularly the initial ram disk)? I'm not an expert, but I would not expect anyone except root or a sudoer to have the ability to read these files.
View 5 Replies View RelatedI think I've messed my SELinux boolean values. How to restore default boolean values?
Modified boolean values are stored in
Code:
/etc/selinux/targeted/modules/active/booleans.local
Can I just delete the file and reboot to get the defaults?