how secure a default install of Xubuntu desktop 10.04 is when connected to the internet with a routable, public ip address. If anyone can give some recommendations on any changes/additions they would make to improve security
View 2 RepliesWhat do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies View RelatedAre the default firewall settings of F10 without any modification, sufficiently secure for general usage and to bridge the timeframe between a fresh installation of F10 and the time before the security updates are applied?imilar to how Windows firewall is set without any configuration, or do I need manually configure it to be somewhat secure, or something like Firestarter.
View 14 Replies View RelatedI'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I installed a fresh copy of Ubuntu 11.04 on my server about 2 weeks ago, I setup remote desktop and figured to just leave the password field out as it suppose to be pre-configured to only accept local connections, well, apparently not. I was noticing some strange network activity and checked my router connections and sure enough I see port 5900 to the server, open vino icon and see that there is someone else connected! (IP of unauthorized user: 77.29.51.239 ).. Immediately kick them and set a password. This should really be addressed and/or a password should be defaulted or at the very least the "Your desktop is only reachable over the local network." should be removed.
View 9 Replies View RelatedI know I can have the gnome desktop on my server by typing:
sudo apt-get install ubuntu-desktop
But can I install the xubuntu (XFCE) desktop instead?
I downloaded the 6.06 version of xubuntu because i have a laptop that doesnt support high graphics mode, and i wasnt able to figure out how to get it to run in low graphics mode. i figured that i would get a version from a while back, and then update it up to the current version. now, to the problem. I was able to upgrade 6.10, but now it says Ubuntu version 8.04 available, so i tried to update it. it gets most of the way through the part where it says calculating or something like that, and then it says: "Can't install 'xubuntu-desktop' It was impossible to install a required package. Please report this as a bug." with an option that says close at the bottom. when i click close another window pops up that says: Could not calculate the upgrade A unresolvable problem occurred while calculating the upgrade. This can be caused by:
* Upgrading to a pre-release version of Ubuntu
* Running the current pre-release version of Ubuntu
* Unofficial software packages not provided by Ubuntu
If none of this applies, then please report this bug against the 'update-manager' package and include the files in /var/log/dist-upgrade/ in the bugreport. Then the window just closes... anything that i could do to get rid of this problem? EDIT: Is there any way to update directly from an .iso file on the desktop?
I was thinking of creating an extremely minimal version of Xubuntu using XFCE. I have a Dell Mini 9, a netbook that uses a wireless-g card requiring bcmwl-kernel-source to work.What I would like to do is use either the alternate CD or mini.iso minimal install file to perform a command line install-style installation of the system.So far, what I am thinking (from reading this [url].... article:
HTML Code:
http:[url].....is to start off with these packages to begin with:
xorg
slim (if possible with 9.10, unsure if it is still available. in short, i want to use a lightweight display manager)
xfce4
xfce4-goodies
xubuntu-default-settings
bcmwl-kernel-source
aptitude
My opening questions are: Should I go with mini.iso or the Xubuntu Alternate Install CD (or the Ubuntu one)? If so, which one? What additional packages will I need to make the hardware accessible and fully functional? All I can think of so far would be sound (I'd like to stay away from PulseAudio if possible, it wreaks havoc with my computer), my webcam, and the memory card slot, if additional packages are needed for it?What other "core" packages should I include in this list? Should I include Synaptic, or other packages, and why?What do I need to take into consideration, since this is both a directly- and battery-powered computer?
HTML Code:
http://ubuntuforums.org/showthread.php?t=1155961
post regarding a "Ubuntu-Desktop-Minimal"-type system.
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else. I'm looking for a file that logs any change to the security settings of the system.
View 1 Replies View RelatedI do a lot of torrenting on my xubuntu box, and ever since my introduction to computers, I have become attracted to the command-line way of doing things. My default editor is vi, my default torrent programme is rtorrent, my default gopher client is lynx... you get the idea. My web browsing, and sometimes also my file browsing, however, is always in graphical mode.
As you know, downloading a torrent involves downloading a small file with the extension .torrent. When I clicked on this .torrent file, although I have rtorrent installed, Transmission showed up. Not to insult the Transmission guys, but compared to an ncurses-based torrent client, Transmission is just too bloated. Anyhow, I right-clicked on the file, Open With Other Application, etc.
Into the box that showed up, I typed /usr/bin/rtorrent (the path to my favourite torrent client), and clicked OK. I double-clicked on the torrent file again, and nothing. Transmission didn't show up, but neither did my terminal client. I'm sick of having to go to the Applications menu and firing up the Terminal to torrent a file. I'd like to have the Terminal open up with rtorrent as soon as I double click the file.
I customized the appearance of my Xubuntu and now I would like to go back to it's default theme. The problem is that I don't know how. I've switched to greybird but it seems that it's not enough.
View 1 Replies View RelatedI was using Xubuntu 9.04 and recently installed 10.04. I have separate / - 20 GB, swap - 1GB and /home - 80GB partitions. I had formatted only the / partition and installed 10.04. I have copied users information from 9.04 to 10.04. I can log into newly installed 10.04 system. But the desktop menus and appearance is that of 9.04. I would like to change it to default 10.04 desktop menus and appearances. I have used command rm -rf .gnome .gnome2 .gconf .gconfd .metacity and re logged into my system. But still the desktop menus and appearance didn't change. How can I restore 10.04 xubuntu default desktop menus and appearance settings?
View 2 Replies View RelatedIs there a GUI that will allow me to set a default file manager for Xubuntu? I would like to use the Nautilus File manager. Right now I access Nautilus from a launcher I have on my Panel. I would like to have the ability to switch file managers, set defaults etc...
View 1 Replies View RelatedThis is a new, two days since release 11.2 install on a freshly formatted drive. I lost the KDE 4.3 default semitransparent Desktop Window with all the desktop folders. I believe what happened was when the mouse went across this window, the window side pop out with the X at the bottom appeared, the mouse pointer continued onto the "old style" desktop far away from this pop out and I clicked on blank "old style" desktop. This window appears to have treated this as selecting the X in the pop out, which I probably went over without clicking on my way past it and this window is gone. I have changed to "folder view" since I can't figure out how to restore this window for the "default desktop view".
How do you restore the semitransparent default Desktop Window when its no longer in its own "view"? The jury is still out on the obviously improved, but still not ready for prime-time KDE 4.3. I feel like a Microsoft OS user being forced into using a "new" burdensome/buggy interface I don't want or need at all. Even the KDE 4.3 manual admits some things (only some?) will not work as expected. The KDE 3.5 interface did everything I "needed" quickly and without problems. I've already had enough abuse from MS, please stop emulating them.
Is there a description of the features and differences between the Desktop and Default kernels? Did "Desktop" arrive with 11.2 and 2.6.31? I did not notice it at first. I loaded 11.2 on a desktop machine and both default and desktop kernels were loaded to system, with Desktop set as default in grub. I have been working thru several "strange" behaviors ever since loading 11.2. At the top of my list has been the ability to shutdown the system from remote logins. I normally connect to the system via a Xwindows package (Xmanager). X works fine and I could shutdown via the GUI (Application Launcher - Leave-Shutdown).
When connected via a remote ssh link, either from a windows machine or a different linux machine, attempts to shutdown (shutdown -H now) send the expected messages, close the remote connections but leave the system still powered on but in a no-remote-connectivity state. When I upgraded to KDE 4.3.4 following the Forum Repository guidelines, I could no longer shutdown via the GUI. In searching about, I found that the Desktop kernel was running. Changed grub, rebooted under default, shutdown under GUI works again. So, for starters, I am trying to decide which kernel environment (default or desktop) should be my target for continuing to work thru issues.
I set up my ubuntu server with iptables that only allows ssh in the input chain (and of course established connections) with only the mac adress of my laptop allowed to connect, set up a key with a long passphrase and installed pam_abl plugin. ICMP echo is blocked by default.
The only problem is i log all other attempts to connect to the server and i see a lot of traffic going to ports 445 and 5900.
My question is: Is there a possibility that these attempts could succeed and is there any way to further ensure this server?
A) Pc-bsd
B) Ubuntu
And also which OS is more reliable?
How can i secure grub 2.0 ? with grub 1 just do : grub-md5-crypt then we write password --md5 <crypted_password> in /boot/grub/menu.lst
View 9 Replies View RelatedIs it possible at all to secure transmission?
View 9 Replies View RelatedNewbie here,
I'm thinking of moving mostly to linux to get away from the security holes in Windows. And I have some questions...
How secure is Firefox for doing online banking?
Sometimes I have run into a situation where the bank doesn't support anything but Windows explorer when accessing my accounts. Can this be gotten around safely in Linux?
If so, How?
Is there any way to secure harddisk accessbility ? i want encrypt my hard disk, and partitions that ubuntu installed on that. is there a way ? i want deny all access to hard disk, just my own root account can have access to all.
View 9 Replies View RelatedOk im new, i know apparmor is running. i was looking for firestarter but their isnt one.....how do i secure this server? i want a good firewall and some virus protection!. also do i need this?
View 9 Replies View RelatedI want to set up a website that hosts very confidential business information. The info needs to be accessed by multiple people in different geographical regions. The entire website would require the high security (ie: there are no little sections that are publicly viewable). While the site will be run with Ubuntu server, I will be hosting it in Amazon's EC2 cloud.
So, if I use the HTTPS protocol with an SSL certificate, am I pretty well reaching the most secure possible situation? Are there any concerns with using the EC2 solution? Obviously there are a LOT of variables involved with maintaining website security, but I want to know if HTTPS is the current best bet (in addition to all the "best practices" of securing a site) or if there is a more robust way of securing content.
what is the best option to securing server via firewall and iptables?
View 9 Replies View RelatedI am running UFW, which is set to deny everything but SSH on port 22, OpenVPN on port 1194 and HTTPS on port 443. SSH is set to only allow private key logins, and the root account is disabled. I have AppArmor running for all of my daemons (OpenVPN, Apache2, OpenSSH) and I have Fail2Ban running.
Is there anything else I can do to secure my server from the Internet (it is directly connected, there is no NAT between the Internet and my server).
If I need to get a file to someone I could place it on the server and somehow automate an email telling them there is a file available. They could login to the server based on their email address and a randomly generated key combination and down load the file.I also need it to preform the same function going the other way. Login into my server and place files going to me.
View 2 Replies View RelatedI seem to be missing a secure.log or security.log file. have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is or is it called something else.looking for a file that logs any change to the security settings of the system.
View 6 Replies View RelatedI always hear 'do NOT install anything from anywhere except the official repositories'. But I find a lot of great apps that are not included in repositories and would like to ask. How actually secure launchpad is? Are the codes reviewed by anyone? How do I make sure that a piece of software is not going to harm my Ubuntu? If I add a PPA for some program I won't going to check it's code every time it updates or am I being too cautious?
View 9 Replies View RelatedIs there a way to securely empty the trash bin without the need to type some shred command into consoles. My intentions is to be able to securely delete files when the 'Empty Trash' is used so to save the trouble of going to a console and doing some commands using shred.
View 5 Replies View RelatedA friend of mine has a private forum setup so he and I can communicate back and forth so we don't have to send emails. The link is a "https://" so I'm assuming it's secure. I'm a newbie to ubuntu and I have already switch 3 of my computers at home to ubuntu.
I'm using Ubuntu 10.04 and google chrome as my browser. When I log into his forum it pops up with a screen saying "The site's security certificate is not trusted" and I always click proceed anyways. I'm not worried about this because I'm 110% sure that it's his website that I'm trying to access. My question/problem is it also pops up with a little box telling me to enter my Username and Password every time. When I was using WindowsXP, I had to enter this info once and then I wouldn't have to enter it again.