Ubuntu Security :: Windows Users Using The Same Connection?
Jan 6, 2011
Thought about posting in the Networking board, but I believe this is a much more security-oriented thread. So let's say I bring my computer to a public place, say a library with one open, public, shared wireless network. I connect to that network. Let's assume that everyone else who's connected is using Windows. Can they see my computer (through Network Manager or other software) and attack it (SYN flood or something)? Or does it depend on the network settings?
View 9 Replies
ADVERTISEMENT
Feb 19, 2010
I am trying to deploy Kerberos and LDAP so users will be able to login in to a server on the edge of the LAN, and afterwards be able to establish a SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [beside the SSH keys on the login server] and local user accounts.
1. When i create the users in OpenLDAP i use a template that i created by reading documentation from the Internet. In the template one piece of information that is neede is the UID. Is there any clever way the keep track of the numbers so i do not assign the same UID to two users, besides using a pen and paper?
2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com Is is possible to replace client with something genric so i do not need to mange these keytab files between the hosts?
3. Users will be logging on the the server on the edge of LAN by using SSH keys. How can i configure the setup so the users will recieve a ticket automatically when the logon without executing kinit and without entering a password, just by having a valid SSH key?
4. krb5kdc is running on all the network interfaces in the server i want it to only run on eth1, how can this be done?
View 2 Replies
View Related
Nov 2, 2010
I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech. I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute. I have 4 users: user1, user2, user3, user4. user1 and user2 is a member of techAdmin, user3 and user4 are members of tech. simple so far...but wait here's the problem. If user1 creates a file inside tech, user2 cant read or modify it because user1 owns it. Here's a few sites that reference this problem:
[code]....
View 4 Replies
View Related
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Nov 23, 2010
If I want to add Windows & Mac users as Samba users, must I first add them all as Ubuntu users? If so, since none of the other users will actually be working on the Ubuntu Server, how do I disable the other non-admin users on the Ubuntu Server login screen. I am using Webmin to administer some server settings, and command line for others.
View 3 Replies
View Related
Sep 29, 2010
Samba up and running on my pc. pc runs FC12 with kde. A laptop has win vista. The pc can access the shares on the laptop but the laptop has authentication issues to access the pc. Note that windows doesnt enforce authentication forincoming network connections.Using the system-config-samba util i tried to map a windows user to the unix user "feduser". The laptop (named LAPPY) has a user (lapuser) which has on windows no password.What should I tell samba config what the windows username should be? lapuser or LAPPYlapuser doesnt work because when accessing the pc via the laptop, the authentication fails. The only auth that is successful is when choosing the same winusername as the unix username.
Secondary, id like to setup the laptop so that the user doesnt have to provide a name and password, or at least not more then once in the lifetime of the laptop. Note that you cant provide an empty password to system-config-samba. How is that possible?
Strange but not really on issue imho:the samba - KDE control module(kcmshall4) (and the smb.conf) shows 2 shares: the homedirs and the data dir the samba server configurator (system-config-samba) shows only the datadir.
View 3 Replies
View Related
May 12, 2010
I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight reign on nfs exports.Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.
View 12 Replies
View Related
Apr 14, 2010
I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies
View Related
May 13, 2010
I'm currently running tests on my SAM file on my XP partition. Partly because I want a password that is hard to crack, and also out of curiosity. While running John the Ripper (no options used) I'm noticing that there are 8 pasword hashes, yet only 4 users associated with WinXP. I know that JTR only does 7(?) characters when it check for a solution. Is the 8 hashes because it separates passwords longer than 7 into 2 hashes, and then cracks them individually as 2 parts? I did try googling this,
View 2 Replies
View Related
Jun 9, 2010
I created a new user desktop user for my girlfriend to use my netbook, but when she logs in, it doesn't show the wireless network icon. Under users and groups, I gave her access to wired and wireless networks, and under the network settings,I changed our wireless to "available to all users". I'm not sure what the problem is here.I'm using ubuntu netbook remix 10.04.
View 3 Replies
View Related
Aug 30, 2010
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
View 5 Replies
View Related
Jun 10, 2011
I set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?
View 2 Replies
View Related
Aug 30, 2010
I have an issue in Gmail that has just started recently. When I'm logged into Gmail I sometimes have as many as 22-28 outbound connections and my NIC never stops sending and receiving data.When I log into Gmail this starts and doesn't stop even if I log out and close the tab. I have to quit the browser to lose the connections.
I had a thread URL... that initially was about this issue but I didn't know it seemed to be totally Gmail related so I thought I might ask this way. It could be Google just changed something on their end but I don't want to run my mail until I know it's ok.
View 9 Replies
View Related
Mar 17, 2011
I have 2 servers, web server & mail server. they show 2 users in the summary area when I run w or top commands. But the actual list of users logged in (using either w or who) shows only 1 user.
ps -ef |grep username only shows my current login as a running sshd process.
So I can find no trace of this other user except in the summary line for w or top. I have no shells or other logins left running elsewhere or abruptly terminated, no gui sessions (these are servers), no tty logins. Do I have another user logged in? Has someone hacked me & covered up most of their trail? Why do these commands show 2 users when everything else points to 1 user?
View 9 Replies
View Related
Apr 12, 2011
I read the log
Code:
I found this print out:
Code:
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
View 3 Replies
View Related
Jun 11, 2011
I am looking for the best method to implement SSL for my sites but without users having to accept the CERT and I'm small so I'd want to use the cheapest method like signing my own certs. Is there an automatic way of doing it or best practice?
View 8 Replies
View Related
Jun 23, 2011
I am stuck in a weird situation and could definitely use some help from gurus in security area.
I have categorized my users into 3:
1. root user
2. other local users
3. LDAP users
I want to setup following 2 usecases:
a)
1. Allow keybased ssh and scp to root users
2. Allow ssh but disallow scp service to other local users
3. Disallow ssh and scp to LDAP users
b)
1. Allow keybased ssh and scp to root users
2. Disallow both ssh and scp to other local users
3. Disallow ssh but allow scp to LDAP users
For the 1. in both cases, I think PermitRootLogin in sshd_config could . For the 3. I am thinking of deploying rssh to control scp service access, since ssh will be restricted anyways.
Problem area is 2. primarily.
i) How to allow ssh but disallow scp to 'other local users'
ii) How to disallow both ssh and scp to 'other local users'
View 5 Replies
View Related
Jan 23, 2010
I can only start my Internet connection from the root bash. If i type pppoe-start/pppoe-stop in my user's shell it just says "command not found".
Any way to permit the users to bring the ppp connection up and down ?
View 1 Replies
View Related
Jul 14, 2009
I have a new server with Fedora 10. The root user can log in by SSH using an RSA key but for any other user the RSA key is ignored and a password required.Ultimately I wish to access an SVN server over SSH and would like to to have to keep entering a password. I have Googled this issue and found nothing.If I log on as root the /var/log/secure file shows that the key is accepted, for any other user no message is added and the password is requested.I have checked all the config files and as far as I can see they are all correct so I am at a complete loss as to why SSH will not use the users RSA key.
View 13 Replies
View Related
May 24, 2011
I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?
View 9 Replies
View Related
Sep 19, 2010
I'm on Debian 5 - when I run the w command, it reports 2 users, but I'm the only person logged in. Is this cause for concern?
Code:
curos@histeria:~$ w
16:17:25 up 4 days, 11:56, 2 users, load average: 0.00, 0.00, 0.00
[code]....
View 2 Replies
View Related
Sep 20, 2010
Block Users from USB Drive/Devices and CD-Rom I am using Ubuntu 9.10- the Karmic Koala(64 bit) in my company. I would like to block the users(except Super user) from using USB Drive/Devices and CD-Rom for security resons and to prevent my employees from copying data.
In Users Settings, I tried unchecking some items in User Privileges tab but it didn't work.
View 6 Replies
View Related
Dec 20, 2010
Got PGP 6.5.8 for Linux working with Ubuntu 10.10. It involved converting two .rpm files to .deb with the alien utility and then installing by simply double clicking on the .deb files in the file browser invoking the Ubuntu Software Manager. I put the two .deb files in a tarball (tar.gz) and would like suggestions as to how to make the tarball available for other Ubuntu users to download.
View 3 Replies
View Related
Jan 8, 2011
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
View 5 Replies
View Related
Jan 30, 2011
Ubuntu 10.10 Server is loaded. Openssh has been loaded.
I have multiple users which need access to server via ssh.
My impression from reading about ssh is that a key needs generated for each person. Thus, each key will have a passphrase that is unique to them.
In /etc/ssh/sshd_config, the default sshd_config suggest using:
%h/.ssh/authorized_keys
My assumption is %h is a variable that will allow the current user to use the public key stored in his home directory under the .ssh folder in a file called authorized_keys. Is their a command string that automatically populates the authorized_keys file?
I am surprised that even though there are a number of hidden (e.g. .****) files located in the home folder, there is not one automatically generated as .ssh. It appears I have to create that directory myself. I am especially surprised by this since it appears the instructions for generating a key seems to load the key in the home directory instead of proceeding to create a .ssh folder to store the keys in.
It is not clear, but it appears that the public key needs to be copied or appended to the authorized_keys file, but, using the scheme above, the public key needs to be copied or appended to each users authorized_keys file instead of appending all public keys to a single authorized_keys location.
It then appears that each persons authorized_keys file needs permissions set to 600.
It also appears that if I decide to use RSA instead of DSA, I would do the same thing above but would use authorized_keys2 file instead.
Why doesn't the home folder which gets automatically set up for each user automatically get a .ssh folder generated? i.e Why does it have to be created by hand? Does it need the same permission on the .ssh folder? ie 600?
My aim is to allow many to log on via ssh simultaneously and then allow many to simultaneously vnc into their respective gnome desktops.
View 6 Replies
View Related
Mar 10, 2011
I set up a linux 10.10 desktop to run as a "server" for me. I then loaded Xrdp so that we can remote connect to the machine. My issue now is, i need to add users other than the initial account i created, but when i log into the desktop remotely, it will not let me add a new user. I cant seem to use any of the boxes in the User Settings command box. Does anyone have any suggestions?
View 9 Replies
View Related
May 18, 2011
As I'm interested in user-behaviour-information-security I would like to know what I�ll have to turn off or to uninstall to make the ubuntu-pc-usage as anonymous as possible (no musicbrainz, cddb, or alike).I want ubuntu not to send any data to third-party-users.
View 6 Replies
View Related
Jun 15, 2011
I am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
View 2 Replies
View Related
Jan 12, 2016
When launching any program (iceweasel, ssh, dropbox) that requires internet connection as a normal user it does not connect.
However if I try launching them as root it does. Sometimes, I have to manually disable/enable wifi and then reboot in order to access Internet, sometimes it works and sometimes it does not.
I have Code: Select all3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u1 (2015-12-14) x86_64 GNU/Linux
My resolv.conf has the following permissions
Code: Select allsudo ls -l /etc/resolv.conf
-rw-r--r-- 1 root root 26 Jan 12 05:03 /etc/resolv.conf
My Code: Select allsudo lspci is
Code: Select all00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 09)
00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 09)
[Code] .....
View 9 Replies
View Related
