Ubuntu Security :: Add SSH To Local Only?
Apr 19, 2011
On a test Ubuntu computer at my work, tests often go wrong and all privileges for all accounts are revoked. This is, to say the least, annoying. Is there any way to create an SSH password for just that console to access it locally in the event of such a lockout? We cannot connect any other computers to it for security concerns.
Jun 23, 2011
I am stuck in a weird situation and could definitely use some help from gurus in the security area.
I have categorized my users into 3:
1. root user
2. other local users
3. LDAP users
I want to setup following 2 usecases:
a)
1. Allow keybased ssh and scp to root users
2. Allow ssh but disallow scp service to other local users
3. Disallow ssh and scp to LDAP users
b)
1. Allow keybased ssh and scp to root users
2. Disallow both ssh and scp to other local users
3. Disallow ssh but allow scp to LDAP users
For 1. in both cases, I think PermitRootLogin in sshd_config could . For 3. I am thinking of deploying rssh to control scp service access, since ssh will be restricted anyway.
Problem area is 2. primarily.
i) How to allow ssh but disallow scp to 'other local users'
ii) How to disallow both ssh and scp to 'other local users'
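One way to build the two "problem" cases (ssh without scp, and scp without ssh) on top of sshd's Match blocks, as an added example that is not part of the original post. It assumes the local and LDAP accounts are in groups named localusers and ldapusers, and installs a ForceCommand wrapper at /usr/local/sbin/ssh-policy; both names are assumptions.

```sh
#!/bin/sh
# ssh-policy: ForceCommand wrapper implementing the per-class rules above.
# Added example, not code from the thread. Assumed names: groups "localusers"
# and "ldapusers", install path /usr/local/sbin/ssh-policy.
#
# sshd_config fragment that uses it (Match blocks must come last in the file):
#
#   PermitRootLogin without-password        # root: key-based only (a.1 / b.1)
#   Match Group localusers
#       ForceCommand /usr/local/sbin/ssh-policy shell-only    # a.2
#   Match Group ldapusers
#       ForceCommand /usr/local/sbin/ssh-policy scp-only      # b.3
#       AllowTcpForwarding no
#       X11Forwarding no
#
# "No ssh and no scp at all" (a.3 / b.2) is a top-level DenyGroups line, not a
# Match block: a Match block can restrict a session but cannot refuse the login.
#
# sshd exports the command the client asked for as SSH_ORIGINAL_COMMAND;
# an interactive login leaves it empty.

# ssh_policy_decide MODE CMD
# Prints "shell", "run" or "deny"; returns 0 when allowed, 1 when denied.
ssh_policy_decide() {
    mode=$1
    cmd=$2
    case "$cmd" in
        "")                           kind=interactive ;;
        scp\ *|*/scp\ *)              kind=transfer ;;   # remote side of scp (-t / -f)
        *sftp-server*|internal-sftp)  kind=transfer ;;   # sftp subsystem requests
        *)                            kind=command ;;
    esac
    case "$mode:$kind" in
        shell-only:interactive) echo shell; return 0 ;;
        shell-only:command)     echo run;   return 0 ;;
        scp-only:transfer)      echo run;   return 0 ;;
        *)                      echo deny;  return 1 ;;
    esac
}

# Entry point used by sshd. Only fires inside a real SSH session with a mode
# argument, so the file can be sourced by tests without doing anything.
if [ -n "${SSH_CONNECTION:-}" ] && [ $# -eq 1 ]; then
    if verdict=$(ssh_policy_decide "$1" "${SSH_ORIGINAL_COMMAND:-}"); then
        case "$verdict" in
            shell) exec "${SHELL:-/bin/sh}" -l ;;
            run)   exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND" ;;
        esac
    fi
    logger -t ssh-policy "denied user=$USER mode=$1 cmd=${SSH_ORIGINAL_COMMAND:-<interactive>}"
    echo "ssh-policy: this account may not do that" >&2
    exit 1
fi
```

After editing sshd_config, `sshd -t` checks the syntax and `sshd -T -C user=bob` prints the effective settings a given user would get, which is the quickest way to confirm a Match block fires. Two caveats: sshd starts the ForceCommand through the account's login shell, so "scp-only" accounts still need a real shell, and "shell-only" only blocks the scp and sftp tools, not file transfer itself (a user with a shell can still pipe files through cat or tar over the same session). rssh or scponly as the login shell is the other route to the scp-only case.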
Nov 8, 2010
I have a server that is on a high port number, and people want it on port 80. For root exploit reasons people say the server cannot run as root. So to solve things I want to redirect port 80 to a high port number, say 12345, on the machine. This has been discussed all over the web, so I find I need to do this:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 123.45.67.89 --dport 80 -j REDIRECT --to-ports 12345
/sbin/iptables-save > /etc/sysconfig/iptables
And I do this, and voila, things work for the whole world. All machines in the world can see the server on port 80 on the machine. Except on the machine itself. On the machine 123.45.67.89, when I try to get to the server on 123.45.67.89:80, I get a can't connect error. On the machine, if I try 123.45.67.89:12345 I can connect. What am I doing wrong here? I don't want the localhost network really, I want the IP address and port, but I want the forwarding to work on the local machine. But it doesn't...
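The missing piece is a second rule in the nat OUTPUT chain: packets the host sends to its own address never pass through PREROUTING, so the REDIRECT above is invisible to local clients. Added example, not code from the thread; it reuses the post's address 123.45.67.89 and ports, assumes the service listens on 0.0.0.0:12345, and by default only prints the iptables commands instead of running them.

```sh
#!/bin/sh
# Added example, not code from the thread. Redirects port 80 to 12345 for
# traffic from other hosts AND from the machine itself, then checks a saved
# rule set for both halves. Assumes the address 123.45.67.89 from the post and
# a service listening on 0.0.0.0:12345. IPT defaults to a dry run that prints
# the commands; set IPT=/sbin/iptables (as root) to apply them.
IPT="${IPT:-echo /sbin/iptables}"

# redirect_port ADDR FROM TO
# PREROUTING only sees packets arriving on a real interface. A connection the
# host makes to its own address goes out over lo and skips PREROUTING
# entirely; the nat OUTPUT chain is where locally generated packets can be
# redirected, which is the rule the original setup was missing.
redirect_port() {
    addr=$1; from=$2; to=$3
    $IPT -t nat -A PREROUTING -p tcp -d "$addr" --dport "$from" -j REDIRECT --to-ports "$to"
    $IPT -t nat -A OUTPUT -o lo -p tcp -d "$addr" --dport "$from" -j REDIRECT --to-ports "$to"
}

# check_redirect ADDR FROM TO   (reads `iptables-save -t nat` output on stdin)
# Reports which half of the redirect is missing; returns 0 only if both exist.
check_redirect() {
    addr=$1; from=$2; to=$3
    rules=$(cat)
    want="-d $addr/32 .*--dport $from .*-j REDIRECT --to-ports $to"
    pre=$(printf '%s\n' "$rules" | grep -c -- "-A PREROUTING .*$want" || true)
    out=$(printf '%s\n' "$rules" | grep -c -- "-A OUTPUT .*$want" || true)
    [ "$pre" -gt 0 ] || echo "missing nat PREROUTING rule: remote clients cannot reach port $from"
    [ "$out" -gt 0 ] || echo "missing nat OUTPUT rule: local connections to $addr:$from fail"
    [ "$pre" -gt 0 ] && [ "$out" -gt 0 ]
}

# Constructed iptables-save snapshots: the post's state, and the fixed state.
NAT_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 123.45.67.89/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 12345
COMMIT'
NAT_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 123.45.67.89/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 12345
-A OUTPUT -o lo -d 123.45.67.89/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 12345
COMMIT'
```

Two details worth knowing before relying on this: REDIRECT rewrites the destination of locally generated packets to 127.0.0.1, so the service must listen on 0.0.0.0 or 127.0.0.1, not only on the public address; and if the only goal is "bind 80 without running as root", granting the binary `cap_net_bind_service` with setcap avoids NAT altogether. Persist the rules with iptables-save as the post already does.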
Jul 18, 2010
I wouldn't call myself paranoid, but I do try to keep reasonably secure on my home network (WPA encryption, router firewall, etc.). I also occasionally use nmap to make sure I don't see any unknown computers logged into my network. The problem is I have five computers that all use DHCP on the network and they are not all up all of the time. At most, there are two to three online at any one time.
So, my question is: Do any of the IP addresses remain in the router's database for a computer that has gone offline (shutdown)?
The reason for my question is that today I ran nmap on my home network and noted an IP address that was not currently up on the network. It is, however, an address that is frequently assigned to one of the computers when it is online, but that address was not up at the time I ran nmap. Just trying to make sure my network is not being used by some nearby computer.
Sep 2, 2009
I am new in Linux. I put a check on "locked local password" and now I cannot log in if I put my password.
May 21, 2010
I will be setting up an Apache web server in the DMZ and an Oracle web server (Windows) in the LAN. The requirement is to allow logged-in visitors to view / change their details via the web site. What is the best way to configure this? Is simply allowing the web server's IP to communicate with the Oracle server's IP (and the Oracle port) secure enough, or is there a way to do this more securely?
Sep 18, 2009
I've a small issue with blocking local clients. I mean I've a webserver that I want to allow a limited number of clients to; let's say I've 10 users from 10.5.1.1-10 and I would like to block 1-9 and allow only the last client to access that webserver. I've tried the following
Code:
# first attempt: the original was missing the chain name after -A, and the
# "-s ! addr" form is the old syntax; current iptables wants "! -s addr".
# --dport 80 narrows the match to the web server (port assumed).
iptables -A INPUT -i eth1 -p tcp -d 10.1.1.14 --dport 80 ! -s 10.5.1.10 -j REJECT
# second attempt, same match but dropping silently instead of rejecting:
iptables -A INPUT -i eth1 -p tcp -d 10.1.1.14 --dport 80 ! -s 10.5.1.10 -j DROP
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
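Both of the last two posts come down to how a chain is evaluated: iptables walks the rules top to bottom and the first match decides, so a broad ACCEPT placed above a narrower DROP shadows it. The following added example (not code from either post) is a small first-match evaluator for source-address rules, with the addresses from both posts written in as constructed rule lists, so the expected result of an ordering can be checked before touching the firewall.

```sh
#!/bin/sh
# Added example, not from either post. A tiny first-match evaluator for
# source-address rules: iptables walks a chain top to bottom and the first
# matching rule decides, so a broad rule above a narrower one shadows it.
# Addresses are the ones from the two posts; "DROP" is the assumed chain policy.

# ip2int A.B.C.D -> unsigned 32-bit integer
ip2int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/PREFIX  (a bare address is treated as /32) -> 0 if inside
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# first_match ADDR RULES
# RULES is a newline-separated list of "ACTION SOURCE" lines in chain order.
# Prints the action of the first rule whose source matches ADDR, or the
# chain policy when nothing matches.
first_match() {
    addr=$1
    hit=$(printf '%s\n' "$2" | while read -r action src; do
        [ -n "$action" ] || continue
        if in_cidr "$addr" "$src"; then echo "$action"; break; fi
    done)
    echo "${hit:-DROP}"
}

# Feb 23 post, both variants, as "ACTION SOURCE" lines:
RULES_HOST='ACCEPT 11.11.11.11
DROP 22.22.22.22'
RULES_NET='ACCEPT 11.11.11.0/24
DROP 22.22.22.22'
# What an accidental shadowing looks like: an allow that happens to contain
# the host you meant to block, sitting above the block.
RULES_SHADOW='ACCEPT 22.22.22.0/24
DROP 22.22.22.22'

# Sep 18 post: only 10.5.1.10 may reach the web server, the rest of
# 10.5.1.1-10 is dropped. Equivalent iptables lines, in this order:
#   iptables -A INPUT -i eth1 -p tcp -d 10.1.1.14 --dport 80 -s 10.5.1.10  -j ACCEPT
#   iptables -A INPUT -i eth1 -p tcp -d 10.1.1.14 --dport 80 -s 10.5.1.0/24 -j DROP
RULES_WEB='ACCEPT 10.5.1.10
DROP 10.5.1.0/24'
```

Run against RULES_NET, 22.22.22.22 is still dropped, because it is not inside 11.11.11.0/24; if the real firewall lets it through, the cause is elsewhere in the chain (an earlier accept that contains it, as in RULES_SHADOW, or a different tool generating the rules). `iptables -L INPUT -n -v --line-numbers` shows the actual order and per-rule packet counters, which is the fastest way to see which rule a client is hitting.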
Feb 24, 2010
I have a Linux firewall. I want to limit the number of SSH connections from the local network to the internet.
Example:
An internal PC (192.168.0.10) starts an SSH scan against external (internet) hosts.
I want iptables to limit that host (192.168.0.10) and block SSH connections from this host after 3 attempts.
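The iptables "recent" match does exactly this kind of per-source counting. The following is an added example, not code from the thread: it builds a FORWARD-chain throttle that allows three new outbound SSH connections per internal source within a window and drops (and logs) the rest, and includes a small parser for the resulting kernel log lines. The LAN interface name eth1, the chain name and the log prefix are assumptions, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Throttles NEW outbound SSH connections
# per internal source on a Linux router with the iptables "recent" match:
# the (MAX_ATTEMPTS+1)th new connection within WINDOW seconds is logged and
# dropped, so a scanning host gets MAX_ATTEMPTS tries. Assumes the LAN side is
# eth1 and the box forwards traffic (FORWARD chain). IPT defaults to a dry run
# that prints the commands; set IPT=/sbin/iptables (as root) to apply them.
IPT="${IPT:-echo /sbin/iptables}"

# limit_outbound_ssh LAN_IF MAX_ATTEMPTS WINDOW_SECONDS
# --rsource keys the list by source address (the internal PC). hitcount is
# attempts+1 because the --set rule records the connection being evaluated
# before the --update rules count it.
limit_outbound_ssh() {
    lanif=$1; max=$2; window=$3
    hits=$((max + 1))
    $IPT -N SSH_OUT 2>/dev/null
    $IPT -A SSH_OUT -m recent --name sshout --rsource --set
    $IPT -A SSH_OUT -m recent --name sshout --rsource --update --seconds "$window" --hitcount "$hits" -j LOG --log-prefix "ssh-scan: "
    $IPT -A SSH_OUT -m recent --name sshout --rsource --update --seconds "$window" --hitcount "$hits" -j DROP
    $IPT -A FORWARD -i "$lanif" -p tcp --dport 22 -m state --state NEW -j SSH_OUT
}

# ssh_scan_sources < /var/log/kern.log
# Summarises the LOG lines the rule above produces: "SRC COUNT" per internal
# source, most dropped attempts first.
ssh_scan_sources() {
    grep -- 'ssh-scan: ' |
    sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' |
    sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Constructed kernel log lines in the format the LOG target writes.
KERN_LOG='Feb 24 10:01:02 fw kernel: ssh-scan: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 10:01:03 fw kernel: ssh-scan: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 10:05:00 fw kernel: ssh-scan: IN=eth1 OUT=eth0 SRC=192.168.0.22 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'
```

`limit_outbound_ssh eth1 3 60` gives a host three new SSH connections per minute; the current state of the list can be read from /proc/net/xt_recent/sshout. The throttle is per source address, so it slows a scanner down rather than stopping it; a host that opens three connections to three different servers in a minute is also a legitimate administrator, so keep the LOG line and look at the destinations before tightening the window.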
Apr 8, 2010
I've been looking for a while now, but no patch for this has yet been found. Does anyone have more info, or better, a fix? The last version from GNU's ftp server is also vulnerable as of this writing.
Nov 18, 2010
A scan on my computer reported as up many local IPs which simply do not exist in my network. This host is supposed to have IP 192.168.0.4, but all the other IPs should not be there. I have a USB modem connected to a Linux box, itself connected to a WiFi Linksys router, and that's it.
# nmap -sP '192.168.*.*' | grep -v down
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2010-11-18 21:46 CET
Host 192.168.0.4 appears to be up.
Host 192.168.7.27 appears to be up.
Host 192.168.10.0 appears to be up.
[Code]...
Mar 16, 2010
I'm using a fingerprint reader on my laptop, works pretty well:
Code:
$sudo echo hi
Please swipe your finger:
[swipe finger here of course]
[Code]....
Like I said, it works nicely... until I try to SSH in and sudo something remotely, when it will ask me kindly to swipe my finger over the reader that's attached to the laptop which is on my desk at home thirty kilometres away. Naturally there's no method built into pam_fprint to abort via a keypress.
So, is there any way to tell PAM to only use certain modules if I'm in a locally logged-in session?
Aug 27, 2009
I was having a discussion with someone who said that telnet, FTP, HTTP plain-text authentication in the local subnet is ok because it's a switched network. Also, that these protocols are not good over the net but in a local subnet they are just fine.
I know that someone can plug a hub into the network port, connect 2 (or more) PCs and see the packets. I've also heard about ettercap but haven't really delved into it. I know dsniff was written to prove the point that unencrypted protocols are bad. I would like to get opinions about unencrypted protocols over switched networks.
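The kernel's neighbour (ARP) table answers three of the questions above at once: which MAC answered for the "up" address of a machine that is switched off (Jul 18 post), whether dozens of phantom hosts are really one device answering ARP for the whole range (Nov 18 post), and whether somebody on the switched LAN is spoofing the gateway to sniff those plaintext logins (Aug 27 post). The following added example (not code from any of the posts) groups `ip neigh` output by MAC and flags the suspicious cases; the pinned gateway address and MAC and the sample tables are constructed values to adapt.

```sh
#!/bin/sh
# Added example, not from any of the posts. Groups the kernel neighbour (ARP)
# table by MAC address. In that one view:
# - an address nmap reports "up" although the machine is off: after the scan,
#   `ip neigh` shows which MAC actually answered the ARP request for it;
# - dozens of phantom hosts: if they all share one MAC, a single device (often
#   the modem/router doing proxy ARP) is answering for the whole range;
# - ARP spoofing on a switched LAN: the gateway's MAC changes, or one MAC
#   claims the gateway plus other addresses.
# Assumes the `ip neigh show` line format. GW_IP / GW_MAC are made-up values:
# record your router's real MAC from a known-good state.

GW_IP="192.168.0.1"
GW_MAC="00:11:22:33:44:55"

# neigh_by_mac < ip-neigh-output
# Prints "MAC COUNT IP1,IP2,..." per MAC that has a resolved address,
# MACs with the most addresses first.
neigh_by_mac() {
    awk '/lladdr/ {
            for (i = 1; i <= NF; i++) if ($i == "lladdr") mac = $(i+1)
            n[mac]++
            ips[mac] = (n[mac] > 1) ? ips[mac] "," $1 : $1
        }
        END { for (m in n) print m, n[m], ips[m] }' | sort -k2,2nr -k1,1
}

# suspicious_macs < ip-neigh-output
# "multiple-ips MAC COUNT" for a MAC claiming more than one address, and
# "gateway-mac-changed MAC" when GW_IP resolves to something other than GW_MAC.
suspicious_macs() {
    tbl=$(cat)
    printf '%s\n' "$tbl" | neigh_by_mac | awk '$2 > 1 { print "multiple-ips", $1, $2 }'
    gw=$(printf '%s\n' "$tbl" | awk -v ip="$GW_IP" '$1 == ip && /lladdr/ {
            for (i = 1; i <= NF; i++) if ($i == "lladdr") print $(i+1) }' | head -n1)
    if [ -n "$gw" ] && [ "$gw" != "$GW_MAC" ]; then
        echo "gateway-mac-changed $gw"
    fi
}

# Constructed tables. The first looks like the Nov 18 post after its scan:
# the router's MAC answers for addresses that do not exist. The second shows a
# gateway whose MAC no longer matches the pinned value.
NEIGH_PROXY='192.168.0.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.0.5 dev wlan0 lladdr 08:00:27:aa:bb:cc STALE
192.168.7.27 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.10.0 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.0.9 dev wlan0  FAILED'
NEIGH_SPOOFED='192.168.0.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.0.5 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE'
```

Usage on a live box: run the ping scan (`nmap -sn 192.168.0.0/24`, the newer spelling of `-sP`), then `ip neigh show | suspicious_macs`. A router that legitimately carries several addresses, or a host with IP aliases, also shows up under multiple-ips, so the output is a list to explain, not a verdict. For the plaintext-protocol question this is the detection side only; the fix is still to replace telnet/FTP/HTTP logins with SSH, SFTP and HTTPS, because a switch only makes the traffic harder to see, not private.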
Apr 6, 2011
I want to know the details about the implementation of distributed firewall in a local area network
May 9, 2011
I have installed the mysql server on my ubuntu. I need to assign or reset the root password. I followed the article at http://www.ubuntugeek.com/reset-the-...-on-mysql.html. When I ran the command
[Code]....
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2). What am I doing wrong? Please explain it to someone who has almost no experience with Ubuntu. I am new to this.
May 30, 2010
I'm trying to set up an NFSv4 server (no security, local home network behind a firewall). It seems that I'm missing something because 'rpcinfo -p' does not list v4 for NFS: petit-pois:/home/eric# rpcinfo -p
[Code]...
Jan 2, 2010
This is a transcript I get emailed at least once every day, usually about 3 to 10 a day recently.
Transcript of session follows.
SMTP server: errors from unknown[ip address]
<boring stuff snipped>
In: RCPT TO: <server@my domain>
Out: 550 5.1.1 <server@my domain>: Recipient address rejected: User unknown in local recipient table
Session aborted, reason: lost connection. Now I cannot seem to find anything via Google, as when I put "server@" anywhere in the string I just get web hosting or other kroomst. The emails usually come from legit places, usually hotels. Does this mean they are sending bad emails, i.e. they have a Trojan/worm, or is this a live hack attempt? I believe the latter, as I might get up to 3 domains from the one IP address, which is always NOT associated with the listed domain. Not causing me any issues, except I have been getting a lot recently.
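The transcript above is Postfix doing its job: the recipient was refused at RCPT time, nothing was accepted and nothing bounced. What distinguishes a mistyped address from a directory-harvest or dictionary run is the pattern in the mail log: one client IP trying several recipients, often across several of your domains, inside a short window. The following added example (not code from the thread) summarises those rejections from the standard Postfix smtpd log format; the sample log lines are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Summarises Postfix "User unknown in
# local recipient table" rejections, grouped by client IP and recipient tried.
# A single IP rejected for several recipients at several of your domains is
# the signature of a harvesting run rather than a misdirected message.
# Assumes the standard postfix/smtpd log line; the sample lines are constructed.

# unknown_recipient_rejects < /var/log/mail.log
# Prints "COUNT CLIENT_IP RECIPIENT" per (client, recipient) pair, most first.
unknown_recipient_rejects() {
    grep 'Recipient address rejected: User unknown in local recipient table' |
    sed -n 's/.*RCPT from [^[]*\[\([0-9.]*\)\]: 550 5\.1\.1 <\([^>]*\)>.*/\1 \2/p' |
    sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# harvesting_clients THRESHOLD < /var/log/mail.log
# "CLIENT_IP DISTINCT_RECIPIENTS" for clients rejected for at least THRESHOLD
# different recipients.
harvesting_clients() {
    unknown_recipient_rejects |
    awk -v t="$1" '{ seen[$2]++ } END { for (c in seen) if (seen[c] >= t) print c, seen[c] }' |
    sort
}

# Constructed log lines: one client walking three recipients at two domains,
# and one genuine misdirected message from a partner's mail server.
MAIL_LOG='Jan  2 09:12:01 mx postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <server@example.net>: Recipient address rejected: User unknown in local recipient table; from=<reservations@hotel.example> to=<server@example.net> proto=ESMTP helo=<mail.hotel.example>
Jan  2 09:12:02 mx postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <admin@example.net>: Recipient address rejected: User unknown in local recipient table; from=<reservations@hotel.example> to=<admin@example.net> proto=ESMTP helo=<mail.hotel.example>
Jan  2 09:12:03 mx postfix/smtpd[2201]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <server@example.org>: Recipient address rejected: User unknown in local recipient table; from=<reservations@hotel.example> to=<server@example.org> proto=ESMTP helo=<mail.hotel.example>
Jan  2 11:40:10 mx postfix/smtpd[2390]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.9]: 550 5.1.1 <bob@example.net>: Recipient address rejected: User unknown in local recipient table; from=<alice@partner.example> to=<bob@example.net> proto=ESMTP helo=<mail.partner.example>'
```

`harvesting_clients 3 < /var/log/mail.log` lists the clients worth a closer look. A hotel's mail server showing up this way usually means a guest's infected laptop or a forged sender, not the hotel itself, and the "from" domain in the log is as forgeable as the envelope; the rejection is still the right response. The transcript e-mails themselves are postmaster notifications controlled by the notify_classes setting in main.cf, so they can be quietened without changing what the server accepts.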
May 28, 2011
I installed a fresh copy of Ubuntu 11.04 on my server about 2 weeks ago. I set up remote desktop and figured to just leave the password field out, as it is supposed to be pre-configured to only accept local connections; well, apparently not. I was noticing some strange network activity and checked my router connections, and sure enough I saw port 5900 to the server. I opened the vino icon and saw that there was someone else connected! (IP of unauthorized user: 77.29.51.239.) I immediately kicked them and set a password. This should really be addressed and/or a password should be defaulted, or at the very least the "Your desktop is only reachable over the local network." message should be removed.
Aug 20, 2010
1: I changed some settings in "local security", about file permissions or something, and now I can't run YaST to fix it, not even see it. Neither can I add or remove any software. And the ugliest part is that I can't even shut down the PC. It pops up a shaking error message about authentication stuff. How do I fix this?
2: It also throws an exception whenever I try to install my monitor's driver, a HannsG, which is an .exe file. I was told I should run .exe files through Wine, but this won't work either. Is there another, and more appropriate, way to execute these files?
Jul 26, 2011
I have a Postfix mail server on Ubuntu 10.04 LTS behind a router, so all local users fetch/send mail through MS Outlook using the local IP. Sometimes, when the internet goes down and any mail is sent, it bounces back immediately saying domain not found. Can you please tell me how to configure Postfix to hold all mail on the server rather than bounce it when the internet fails, and let it pass through when the internet is restored, around 15-30 minutes later?
May 16, 2010
I'd like a way to see all of the devices on my local network and what their local IP address is. I recall that I used wireshark to troubleshoot a similar problem a while back, but it doesn't seem to have a way to see all of the devices- only the traffic. (I'd like to do this without having to physically interface with my router if possible, and I am in an encrypted network if that matters)
Jun 28, 2011
I have installed a web server on my local network. Everything is well configured and the web pages are shown correctly from the Internet (outside the local network) using the domain or the public IP. The issue is if I try to see those web pages (using the domain or the public IP) from inside the local network. In that case the router config page (192.168.1.1) is shown instead of the web pages. From inside the local network I'm only able to see the web pages using the internal IP address (192.168.1.XX).
Dec 9, 2010
One of Konqueror's unique features is that I can name a local process as the action in a form. When I submit that form, the local process is executed. Very helpful for certain offline tasks. What would make it even better is if I could find a way to pass some data to that local process from the HTML page. This could be the content of a hidden input item, etc. Alternatively, if there is a way for Konqueror to create or update a local file with data from the HTML page, that would achieve the same end.
Sep 27, 2010
What command would you use to read about the sync system call (not the sync command)? How would you read a local man page for sync that was kept in the /usr/local/share/man?
Dec 9, 2009
I am trying to install tilp, a program for the link between a computer and a Texas Instruments calculator. I have downloaded all the packages to a local directory. I tried telling yum to install all the packages at the same time, though, the dependencies still fail to resolve (though they are all in the directory). I don't know if it would be safe to force install without the dependencies (even though I would install them later).
May 25, 2010
I've got an Ubuntu server hosting our websites and other various things here in our own home. We recently switched to a router that doesn't support loopback (abomination), so I've set up hosts files on our computers so we can access our own sites when on our home LAN.
However, we often take our laptops as we travel about, and I'm guessing due to the hosts files when we try to access our sites, it'll look on whatever local network we're connected to for our server, which won't work, obviously.
Is there a way to set up something like a hosts file that'll only try to look up the local IP of the server when we're on a specific network (our home one), or have one that tries to look for the local IP first, then proceeds to try and resolve the domain name and use the external IP if the local IP doesn't work?
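The hosts-file approach can be made network-aware with a NetworkManager dispatcher script: when a connection comes up, it checks whether the default gateway is the home router and adds or removes a marked /etc/hosts line accordingly. This is the laptop-side answer to the same NAT-loopback problem the Jun 28 post has on the desktop. Added example, not code from either post; the gateway MAC, the site name and LAN address are assumptions, and the script recognises "home" by the router's MAC, which only decides which address to try and must not be used for anything security-relevant.

```sh
#!/bin/sh
# Added example, not from either thread. NetworkManager dispatcher script that
# points SITE_NAME at the server's LAN address only while the laptop is on the
# home network and removes the entry everywhere else. "Home" is recognised by
# the MAC of the default gateway; a MAC is spoofable, so this only chooses
# which address to try, nothing more. All names and addresses are assumptions.
# Install as /etc/NetworkManager/dispatcher.d/50-home-hosts, owned by root, 0755.

HOME_GW_MAC="00:11:22:33:44:55"          # your router's MAC, from `ip neigh` at home
SITE_NAME="www.example.com"
SITE_LAN_IP="192.168.1.20"
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
MARK="# home-lan-override"

# hosts_clear FILE NAME: remove our marked line for NAME and nothing else.
hosts_clear() {
    file=$1; name=$2
    tmp=$(mktemp)
    grep -v -F -- "$name $MARK" "$file" > "$tmp" || true   # grep exits 1 if nothing is left
    cat "$tmp" > "$file" && rm -f "$tmp"                    # keep the inode and permissions
}

# hosts_set FILE IP NAME: add or replace the marked line for NAME.
hosts_set() {
    file=$1; ip=$2; name=$3
    hosts_clear "$file" "$name"
    printf '%s %s %s\n' "$ip" "$name" "$MARK" >> "$file"
}

# hosts_lookup FILE NAME: print the IP our marked line gives NAME, or nothing.
hosts_lookup() {
    awk -v n="$2" -v m="$MARK" '$2 == n && index($0, m) { print $1 }' "$1"
}

# gateway_mac: MAC of the current default gateway, empty if there is none.
gateway_mac() {
    gw=$(ip route show default 2>/dev/null | awk '/default/ { print $3; exit }')
    [ -n "$gw" ] || return 0
    ip neigh show "$gw" 2>/dev/null |
        awk '/lladdr/ { for (i = 1; i <= NF; i++) if ($i == "lladdr") { print $(i+1); exit } }'
}

# Dispatcher entry point: NetworkManager invokes "<script> IFACE ACTION".
case "${2:-}" in
    up)
        if [ "$(gateway_mac)" = "$HOME_GW_MAC" ]; then
            hosts_set "$HOSTS_FILE" "$SITE_LAN_IP" "$SITE_NAME"
        else
            hosts_clear "$HOSTS_FILE" "$SITE_NAME"
        fi ;;
    down)
        hosts_clear "$HOSTS_FILE" "$SITE_NAME" ;;
esac
```

The cleaner fix for a whole household is split DNS: a dnsmasq instance on the server (or the router, if it runs one) that answers the site name with the LAN address, with the laptops pointed at it by DHCP, so no client-side file needs editing. The dispatcher script is the fallback when the router cannot be changed.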
Sep 15, 2009
I have a Dell PowerEdge 1650 server with 3 NICs in it. I am trying to use one NIC (eth0) to connect to the internet, the second NIC (eth1) to share the internet connection to a LAN, and the third NIC (eth2) to connect to the LAN.
It is running Ubuntu server 8.10
The problem that I'm having is that NetworkManager (version 0.7.0) keeps setting eth2 as the default connection, and then I don't get any internet at all from the server.
My main goal is to be able to share files from the server to computers on the LAN. The secondary goal is to have a virtual machine hosting a Halo server, connected through eth2, so that it can host LAN games. But that is a secondary goal after I get the connections to work.
I've been looking around and finding other people who have done bits and pieces of this, but not the whole thing. I had been hoping to simply use NetworkManager, but I don't mind editing config files.
Also I can't seem to find any good instructions on editing the /etc/network/interfaces file. The man file is incomplete, and everything seems to point back to the man file.
Jan 8, 2010
What is the minimum configuration of Postfix that I need to do (i.e. to its main.cf file) in order to have the following: mail goes from user1 on comp1 to user2 on comp2 on the same LAN. Demonstration:
user1@comp1# Mail -v "" user2@comp2.somelan.com
hi there
[CONTROL-D]
[code]...
Feb 19, 2010
Running Ubuntu 9.10. In the Remote Desktop config dialog I get: "Your desktop is only reachable over the local network. Others can access your computer using the address 127.0.0.1 or tabatha.local." I understand this means only the loopback IP address is available. All my other machines show their true local IP address (e.g., 192.168.1.104) in this dialog. Thus I cannot log on to this desktop from other machines.
When I try to do a remote logon from another Ubuntu 9.10 box (or from an XP box using a VNC viewer), I get: "Connection to 192.168.1.102 has been closed." What steps are needed to make this machine show its actual IP address? All file sharing between the various machines is working properly, and all Windows shares back and forth between XP and 'nix, and among the various XP boxes and Linux boxes, are available as designed.
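This post and the May 28 one are the same question seen from opposite sides: which address is the VNC server (vino, TCP 5900) actually bound to? Bound to 0.0.0.0 it is reachable from anywhere the router forwards to, which is how an outside IP ended up connected; bound to 127.0.0.1 it is unreachable from the LAN, which is what this dialog is describing. The following added example (not code from either post) reads `ss -ltn` output and reports the bind scope of a port; the sample listings are constructed.

```sh
#!/bin/sh
# Added example, not from either thread. Reports which address a TCP port is
# listening on, from `ss -ltn` output. Handles both the older ss layout
# (local address in column 4) and the newer one by looking for the column
# that ends in ":PORT". Sample listings below are constructed.

# listener_scope PORT < ss-ltn-output
# Prints one of: loopback, all, <address>, or "none" if nothing listens.
listener_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            for (i = 3; i <= NF; i++) {
                n = split($i, a, ":")
                if (n >= 2 && a[n] == p) {
                    addr = substr($i, 1, length($i) - length(p) - 1)
                    if (addr == "127.0.0.1" || addr == "[::1]")             print "loopback"
                    else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") print "all"
                    else                                                    print addr
                    found = 1
                    exit
                }
            }
        }
        END { if (!found) print "none" }'
}

# May 28 post: vino listening on every interface (and port-forwarded).
SS_EXPOSED='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:5900        0.0.0.0:*
LISTEN  0       5       [::]:5900           [::]:*'
# Feb 19 post: vino restricted to the loopback interface.
SS_LOOPBACK='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5900      0.0.0.0:*'
# Remote desktop switched off entirely.
SS_OFF='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*'
```

`ss -ltn | listener_scope 5900` on each machine tells you which situation you are in. Vino's own control for this is its network-interface setting (the org.gnome.Vino schema on current GNOME; the equivalent gconf key under /desktop/gnome/remote_access on 9.10-era releases): set to lo it produces the "only reachable over the local network" message and the Feb 19 symptom, left unset it listens everywhere. "Local network" in that dialog never meant the LAN: a port forward on the router exposes a 0.0.0.0 listener to the Internet. Leave 5900 un-forwarded and reach it over an SSH tunnel, and keep a password set regardless, since VNC authentication alone is not strong.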
Aug 19, 2011
Let's get clear with all the bin and sbin folders (from the Filesystem Hierarchy Standard):
So the question is: why are there so many directories, and what are the meanings of /usr/sbin, /usr/local/sbin and /usr/local/bin?
Many programs are distributed as archives and we have to build them from source code. Usually they have a makefile, so it's quite easy. This process involves creating files in usr/local/lib, usr/local/bin... usr/local/whatever without creating specific folders for a given program.
I think it's not right, because if we need to remove the program we have to manually delete every one of its files if the program's creator didn't take care of it.