I have created my own custom ubuntu distro using the alternate installation cd and doing a command line install. I'm using ubuntu 10.04 as my base and am also using thunar as my file browser and am trying to create a secure desktop environment and to do that I'd like to restrict thunar to a certain partition. Is it possible to do that?
View 9 RepliesHere's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?
View 4 Replies View RelatedAs example, I have directory in /root called as "shared". i already shared this directory using NFS. i want to limit this directory size into 20 GB(20*1024*1024).That means "shared" directory reserved 20 GB disk space from the HDD.how can i solve this problem
View 3 Replies View RelatedI am trying to download site using wget :$sudo wget -r -Nc -mk [URL] but it is downloading the contents of all directories and subdirectories under the domain :[URL] (ignoring the 'codejam' directory) so it is downloading from links like : [URL]... i want to restrict the download so that wget command should download only the things under 'codejam' directory
View 9 Replies View RelatedI've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies View RelatedI want to restrict SSH so that its only accessible via the machines I own on this network. Obviously need to secure user authentication/host authentication, that aside though is the following sufficient at a network level given technical users also use this network? IP addresses are static, though I know they could be spoofed.
Code:
Chain INPUT (policy DROP)
target prot opt source destination
existing-connections all -- anywhere anywhere
allowed all -- anywhere anywhere
[Code]....
I would like to allow a user to login through SSH but with differentpermission coming from different ipaddress.For example, a user "tester" login to SSH through 192.168.1.1 andanother user login with the same login id "tester" but from differentip 192.168.1.2.How do I restrict 192.168.1.2 to only allow for viewing the content inthe home directory while giving 192.168.1.1 full access?I got a suggestion from some oneApproach 1) Based on the ip you change the shell. If it's just for read only ajail would be fine.but how do I change shell based on IP?Approach 2) to have two ssh instances. Let's say port 22 and port 24. Port 22 isfor read only, while port 24 is for full accessso how can it be possible to give port 22 only read only access to SSH
View 1 Replies View RelatedI am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media.I tried following the apparmor sticky with no success.I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.
View 2 Replies View RelatedI'm running Natty and have made two logins on the system. One for myself and family and one for the kids (teens 14-15yr) to play in without Internet access via Admin "Users and Groups". I have hidden the Internet software icons on their screen amongst others i don't want them to see on the menus. On our screen I use a Firefox addon called "Web Of Trust" that can be configured easily for the kids and another addon called 'Blocksite' that I can selectively use for them and myself etc.
I have found out that they have still been able to get on to the net somehow under their login. Will have to observe again!! In the users settings for the kids the tick box for 'Internet'and 'use modem' access is un-ticked so I presumed that would be enough! Not so!!
I m new with Fedora 14, and i have a basic business case :
I want to setup a user which should
- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command
This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).
Need to restrict cvs login from specific IPs
in file /etc/security/access.conf
+ : builduser : 10.200.2.1
Do not work
when changed to ALL as below it works
+ : builduser : ALL
I would like to allow a user to login through SSH but with different permission coming from different ipaddress.
For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.
How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?
I want to restrict user for SSH Logon, but able to use SFTP.
Also, i like to know how to restrict a user on SSH from everywhere except one host.
2 of us have been googling all morning trying to find out how we can restrict ftp logins to their own home directories only but nothing we've found so far has worked. We've tweaked sshd_config so that they default to their home directory but they are able to navigate up/across/down to everything. This is a "straight-out-of-the-box" debian 5.0.5 Netinst. Just a basic system with Apache/MySql/PHP/SSH and no desktop.
View 6 Replies View RelatedIn RedHat 4/5 How can i jail/restrict an sftp user to his home directory?
Can i do this without using rssh ?
I want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies View Relatedrestrict a user from seeing hidden files and folders?
View 8 Replies View RelatedI am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
Perhaps it is my misinterpretation of AppArmor, how can it be configured to restrict TCP or UDP traffic to/from specific ports?
The profile "abstractions/nameservice", under the section "# TCP/UDP network access", doesn't seem to lock the application to port 53. What am I missing? Restriction to specific ports is something that systrace can do so I'd expect nothing less from AppArmor.
if i want user should`t have more than 20 sftp connections to a server,is there any way we can limit no.of connections to a particular user on the server using ssh configuration
View 7 Replies View Relatedmy team is working on network thier termial is windows and my server is linux centos we work on simple network with out domainmy user works on files on the server, can I deman ser name and passwork when they try to change to the shared files on the servernd can i monitor which user chaned a fileI have css developer and he is only allowed to create and modify css files can i do this ?
View 3 Replies View RelatedI heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny
View 3 Replies View RelatedI want restrict telnet session to users.
That means the client login one user at a time. not multiple login.
For example:
I want restrict this. How to restrict one user to use multiple login.
In a recent discussion I had, I was led to believe I could use sudoers to restrict using vi (for example) for the editing of say specific config files. I know how to allow root use of vi and how to lock it down from getting to a bash prompt with NOEXEC tag,but I can't figure out how to restrict the use of vi to only edit certain files. Tutorials and howtos I have checked don't address this
View 7 Replies View RelatedIs it possible to restrict root logons to the SSH server to just a single ip address (or maybe a range?) I have other users connecting to the server daily so restricting ALL access to a single ip i cannot do. I need root enabled (for my own reasons) but want to lock it down a bit more.
View 9 Replies View RelatedIs it possible in Linux to restrict POP3 or IMAP for particular users.I need a confirmation on this, that it is possible or not in Linux.
View 3 Replies View RelatedModule xselinux appeared in new versions of XServer theoretically allows to use SELinux in order to improve security. First of all I'm interested in examples of the use of this module (configuration files and what functions it perform). Also interesting to know whether some user's actions with XServer can be restricted via xselinux module (e.g. screenshot prohibition).
View 11 Replies View RelatedI'm trying to tighten up my network a bit. I've given my dhcp server a list of static mac addresses and ip's for computers i know, and a very short range of dhcp addresses that are redirected to kittenwar.My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the ip address manually and gain access.how can i deny them this pleasure?im running dhcpd3, and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security
View 7 Replies View RelatedWe can restrict CTRL+ALT+DEL from command prompt by changing inittab file but how that can be achieve in gui on reboot?
View 4 Replies View RelatedI tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.Eg: users a can ssh from 192.168.*.*user b can sftp from 200.*.*
View 2 Replies View Related