Ubuntu Security :: Configure Firewall And User Rights?
Apr 27, 2011
I am novice user of linux. I need to know how to configure firewall so my system cant be compromised...In windows my system was greatly compromised. keyloggers were installed without my approval and my desktop was taken on remote. What should I do so without my knowledge no software can be installed and i can close all ports and only open which ever port is required to open. What should i do so my desktop cant be taken on remote?How do I configure user rights ? So except me no one can install any software. I will have another general user id for internet surfing
I am novice user of linux. I need to know how to configure firewall so my system cant be compromised...In windows my system was greatly compromised. keyloggers were installed without my approval and my desktop was taken on remote.What should I do so without my knowledge no software can be installed and i can close all ports and only open which ever port is required to open. What should i do so my desktop cant be taken on remote?How do I configure user rights? So only root and one admin can install softwares and no one else.
I have a user account which is required to run as part of the operating system and as a service. I am currently attempting to install my companies software on an Ubuntu desktop via wine just for the purpose of finding out if it's do-able.
Is there a way, in Ubuntu, for a user account to be given the local rights assignment to act as part of the operating system and to function as a service in the background?
What I am tring to do is give all users of group users rwe any files/directories of a samba share execpt for the top level.Top Level cotains a number of folders and a readme file and should be r-eSublevel should be rwe including files/dir they did not create.I'm am familure with chmod/chgrp but not sure how to do this.
I'm new to Ubuntu and wish to use the system in combination with Apache/mySQL/phpMyAdmin. I managed to get phpMyAdmin working for now. Also mySQL database seems to work. Only problem is Apache2. I can start the server and it is working. However in the folder /var/www/ where all site files are stored, I can not edit anything. I have been reading about sudo nautilus which did allow me to change administrator rights for the folder, but still I do not get it working to display other than the default index.html page. Is there a manual or quick solution for me so I can use apache with Ubuntu?
I am trying to set up a simple home file-server for media and backups, using an old Atom board I had lying around and 1GB memory, so I don't want a full desktop. All goes well with installing server 10.10, using LVM for my data disk. However, I wanted some GUI tools since I am not familiar with the CLI, so I installed gdm, xorg, and gnome-core as suggested in some threads and forums.So far so good, it boots into the Gnome desktop, but I can't get sudo access with anything (synaptic, gkedit, etc.) - always "incorrect password". I am fine from the console; I reset my user password, no luck; I set up another admin user, and that also works in console but not the desktop.I have no idea where to go next and can't find anything that works in the forum
I have my own 16GB sandisk cruzer flash drive, I've already mounted him and can read on my own user, but I can write on it only using root. how can I give my user Chmod +x on the folder /media/XXX ?
I am only user on this ubuntu 10.10 install. I have admin rights but when I try to change some settings via Ubuntu tweak unlock or alter user and groups via advanced tab I never get the option to enter my password. I have added a new user 'tempuser' via safe mode and this user is administrator too but everything works fine from this user..
Results from $ grep admin /etc/group lpadmin:105:heath,tempuser admin:119:firstuser,tempuser,heath
Results from groups admin adm dialout fax cdrom floppy tape audio dip video plugdev fuse lpadmin sambashare I am thinking of making a fresh install if I cant sort this but would like to fix if possible.
I'm having a bit of a problem after joining Ubuntu 9.04 to my company's Windows Domain. I can log in and use sudo just fine but I don't have access to certain things in my menu (i.e. "Add/Remove Software") and I can't open the User Manager. I manually edited the /etc/group file as root and added my username (username@domain) to the appropriate groups but still no luck.
I have created a new user using sudo adduser "user1" from the root .but this user does not have full admin rights...How to give full access to this user1?
I have configured Ldap Server in CentOS 5.4 & it's working fine, the problem is when I create a ldapuser from server the user can login in client machine but the user has no rights to change the password. How to rectify this by using commands.
when i logged in as user,it shows packages are there for update?,when i click yes it shows insufficient rights.But when i logged in as root i can perform software updates.
I am new to ubuntu and just installed the vsftpd service by this tutorial: [URL]. Now my question is how can I give users rights to one specific folder? useradd username -d /home/folder/new Thats the command id used but when I login to the ftp the user is able to see all other folders as well ..
I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.
Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?
How can I mount a device with specific user rights on start up? I still have some problems figuring it out. I would like to mount the divide with uid=1000 and gid=1000. My current entry to the /etc/fstab/ file looks like this:
I have a few FTP users on my linux server(running vsftpd). They all have their own directory and can upload and delete files in that folder.Now, I was wondering whether it would be possible to create special permissions/rights for users. For example, I would like to make it so that certain users could not upload .exe files, or I want a certain user to only be able to upload image files (gif, jpg).
One of the feature in my application involve changing of hardware setting. This require the user to be root or have administrative right.Before my application enable that feature, I want it to check whether the user is "root" or not, or whether user use "sudo" command to run the application or not, or whether the user has administrative rights or not.What are the codes or library that can do this?
NOTE: Sometimes, advanced linux user may set the user id of root to something else other than 0. So, getuid() may not be helpful in this case.
I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.
My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.
In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.
Quote: The open-source Linux operating system contains a serious security flaw that can be exploited to gain superuser rights on a target system. The vulnerability, in the Linux implementation of the Reliable Datagram Sockets (RDS) protocol, affects unpatched versions of the Linux kernel, starting from 2.6.30, where the RDS protocol was first included.
According to VSR Security, the research outfit that discovered the security hole, Linux installations are only vulnerable if the CONFIG_RDS kernel configuration option is set, and if there are no restrictions on unprivileged users loading packet family modules, as is the case on most stock distributions.
Is it possible to give user only FTP access / browsing rights for certain directory within /srv/www/htdocs and prevent same user to browse all other directories, even user's /home directory on that server?
Using Dolphin in Super-User mode, I can copy files and directories from the share to itself with no errors. Using Dolphin in Normal-user mode. I get the failure "Could not change permissions for...". The file is copied, but its owner,timestamp and permissions are wrong. If a subdirectory is involved, the copy aborts.
Using Windows XP I can copy files and directories from the share to itself with no errors.
Testing: If I mount with uid and gid, then my normal user can not access the share. mount.cifs //10.x.x.x/Data /home/stevej/Synology/Data/ --verbose -o user=stevej uid=stevej gid=users
[code]...
Synology DS211 - There are 2 users on it. One of which is stevej and the other is julie. Rights RWX are applied to the users and the group called users. All files have stevej as the owner and users as the group with RWX Opensuse 11.4 - There are 2 pc's. One is run as stevej. The other pc runs as julie Windows 2000 - Runs as stevej and maps to the share as stevej.
Works as expected Windows XP - Runs as julie and maps the the share as julie. Works as expected Ultimately, I want the shares to automount at boot, or login and give the user full access. I have been to Swerdna's page and done as much as I can, but still no luck.
