I am wondering if there any any key loggers in the repository or on my system that I could setup and view. I would prefer a terminal only application that would require root permissions to get at.
Are there any that people use?
FYI I have Ubuntu 10.10 64bit.
does anyone know of a good tutorial on how to set up and configure snort 2.8.5.2 on a ubuntu 10.10 system.I have been trying to set up snort and have run into alot of problems setting up the config file and the rules. It works in sniff and packet log mode but i cannot seem to set up IDS mode correctly. There is alot of different info on the net but not much help. There seems to be alot of work involved in setting this up which i do not mind provided i can find the proper documentation to configure the set up.
View 9 Replies View RelatedIs there a way to delete files on the commandline that uses the KDE-Wastebin?It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)
View 9 Replies View Relatedthis is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
Is there a way to to check if the system has the available security updates installed? Specifically, I am looking to do this programmatically.
View 1 Replies View RelatedI am using ubuntu 11.04 in my home desktop. Is it necessary that firewall should be active inorder to avoid hack? I heard that we will not be given static ip address, only paid one will get static ip address that can be used for web server implementation. If my system doesnt have static address then can others access my system?
View 9 Replies View RelatedI've been looking at setting up truecrypt on my laptop, but the guides on the truecrypt site and the ubuntu documentation seems to be incomplete or not address what i want to do.
What I have:
dual boot windows 7 / Ubuntu (lucid)
What I want is to dual boot with the hidden OS system:
Windows 7 (plausable)
Ubuntu (plausable)
Ubuntu (hidden install)
Is this possible? or is it better to make a hidden /home partition?
I am a Linux newbie so please bear with me if I sound stupid. I was checking out how to set up a firewall for my system and landed on this webpage: [URL]. But I am so confused with how this ufw application works. What I understand is that once I set it to "default deny" it prevents unauthorized incoming connection but what does it mean when the author says to add exceptions for services I need? When do I need to do that? Also what's an SSH server?
View 2 Replies View Relatedi have set up a transparent proxy for all my computers and its working great but i would also like to hav clamav activly scan but i am a bit lost i have tryed to setup havp, squidclamav, with no luck.
View 4 Replies View RelatedI often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
[Code]..
Which is the best remote linux hardening GUI tool.Is it possible to use that tool from windows system?
View 8 Replies View Relatedhow to schedule updates for clamav (every hour)?
View 9 Replies View RelatedI am attempting to set up a VNC with ssh tunneling for remote desktop between my laptop (opensuse 11.2) and my desktop (kubuntu karmic) and using the instructions here: [URL] and here: [URL] but I am having trouble getting remote desktop to work once I establish the ssh tunnel
I start out with
Code:
ssh <user@remotepc> -p <non22port> -L 5900:localhost:5900
That seems to wok and connect properly
The problem comes when I try to use a remote desktop client on the laptop to initiate the VPN desktop sharing and point it to
Code:
localhost:5900
Thats when I get a notification on the host saying:
Code:
Refused uninvited connection attempt from 127.0.0.1
And on the laptop I get:
Code:
VNC server closed connection
I have tried messing with the few settings in Krfb, but none seem to have any impact. How do I open localhost:5900 and allow VPN tunneling to the host machine?
I am trying to install COMSOL 4a in Ubuntu 10.04 and when I try to run ./setup and I am already connected as root the command line gives me a permission denied error.
View 6 Replies View RelatedI have a small network at my office (3 workstations, 1 ubuntu desktop that I'm using as a file server). I'm using a WRT54G2 router for networking and internet connectivity. Here's what I'm trying to accomplish: I want to be able to access my little file server from home, across town. I think ssh might be the best way to go now. What I don't know: How do I set up the ssh server on my machine/network without compromising my network security and the security of my server? Do I just set up port/ip forwarding on my router, install openssh, and that's it?
View 9 Replies View RelatedI got Shorewall firewall all Set-up perfect but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy setup in webmin as.
Uploaded with ImageShack.us
More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.
We are trying to set up a NIS server on a CentOS system. We need to have a NIS server which can provide NIS authentication to a couple of clients. We are practically new to all this stuff.
Just googled to find some ideas about installing ypserv and ypbind and portmapper. We did all that and also started them successfully. But now the clients are not able to join to the NIS domain . The error log states "YP_DOMAIN NOT BOUND".
I guess we have not entered the /etc/yp.conf, /etc/hosts files properly. Please let us know the detailed steps to setup a NIS server .
Also, please let us know what entries should go into the different /etc/<file_names>? What is meant by HOSTNAME in the /etc/hosts file?
Is there any other files which need to be changed? Are we missing any steps?
Also to add-on, while executing the ypinit command we faced the following error:
At this point, we have to construct a list of the hosts which will run NIS servers. localhost.localdomain is in the list of NIS server hosts. Please cont inue to add the names for the other hosts, one per line. When you are done with the list, type a <control D>. next host to add: localhost.localdomain next host to add:
The current list of NIS servers looks like this:
Is this correct? [y/n: y] y
Error running Makefile.
Up until recently, as in a few days ago, I was using Ubuntu and had ufw managing the firewall.It's been "recommended" that iptables itself be used. Where do I do the rules go (as in a file) and how do I call those rules at startup?
View 6 Replies View Relatedwant to set up snort on my F13 home computer.Is there a simple way to do it or do I have to do it the hard way (compiling and stuff) ?I want to use snort for intrusion prevention and detect possible threats from internet.
View 3 Replies View RelatedI have just installed SSL certificate for my private domain (it runs on a private ip in a local network). I got the trial SSL from thawte. I have successfully installed the certificate.
View 1 Replies View RelatedI'm learning to secure my server in the best way I can think of: By learning to attack it. Here's what would like to accomplish. I have SSH set up on a linux box in a offline lab environment.
Username: root
Password: ajack2343d
Now, I know I can simply brute force this as I know the password, but there has to be other ways, and I wish to learn them.
I have tried, to set this up, but failed what kind of ftp would you guys recomend, as i have been having slight problems over recent days, with unknowns logging onto my annon ftp server, delt with mind.
I am thinking about a proper login even for the annon account, fairly easy to setup.
I've set up a server for the first time today and I'm reading up on how to secure it. But I was wondering if anyone here would give me some tips from personal experience on what to do before going online with my website for the whole world to see. I'm running Ubuntu Server edition and Apache. Am I good to go with default settings or is there anything recommended that I should first do?
View 9 Replies View RelatedI am striving to setup OSSEC to monitor some specific files for realtime changes! Is this possible? I can't really find a lot of info from their Documentation
Some Examples:
/etc/myfile.txt is deleted. I need this to be reported.
/etc/myfile.txt is created again so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time.. Another one...
/etc/passwd is touched (accessed) even if there is no changes! Can this be reported as well?
I am trying to setup a firewall using Centos 5.5. The machine has 2 NICs, one connecting to the ISP/Modem and the other connected to a DIR-655 wireless router. The nic is connecting to the internet port on the router.
I do not want DHCP on the Firewall machine but on the wireless router.
[ISP/Modem]<--->[machine eth0]<--->[machine eht1]<--->[DIR-655 internet port]
IP from ISP Dynamic 192.168.1.1 192.168.1.2
IP's on the DIR-655 LAN will be 124.168.0.0/24 network lets say.
I have setup routes on the eth0 192.168.0.0/24 and 124.168.0.0/24
and added 124.168.0.0/24 to eth1.
I can ping eth0 and eth1 but cannot ping 192.168.1.2.
this setup is not actually connected to the internet so I disabled iptables to try testing the ping and still no good.
I set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:
Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
How do you allow SSH through the iptables firewall?
I am looking for a way to setup sudo access for a user, so that he can change permission of all files of the given dir.
eg:
By this user can change ownership of files which are on depth bellow to given dir (i.e /etc/userA-conf/), but while trying to change permission of /etc/userA-conf/../user-conf2 , getting error, user userA don;t have that permission.
Let me know what will be the right regex/pattern to achieve this.
In Solaris it's working fine, but I am trying it on Linux RHEL5.
Long story short: I opted to encrypt my home, enter the passphrase and soon as I log out and rebooted, I got stuck with a message about /var/lib/ICEauthority file and other messages. So I've been trying to fix one issue at the time. The bottom line is that I'm trying to get to my private folder. Dropped in recovery mode:
[Code]...
Using Windows, I always set a Restrictive firewall policy with a third party firewall. But I also had all ports set to Stealth, something that appears to not offer any security benefits (as I've learned from reading Ubuntu forums). I'd like to learn about best security practices (under Ubuntu) for outgoing firewall protection. I will be using the built-in Ubuntu firewall that is configured via Firestarter. Outgoing filtering offers privacy as well as security benefits. But I thought I needed my ports stealthed to be safe too, so I'm open to learning new things.
I wanted to start a poll to find out how many folks use permissive/restrictive, but no polls allowed here apparently.Could Ubuntu users knowledgeable about firewalls enlighten me on whether I should go Outbound-Restrictive and what applications I will need to allow so Ubuntu "housekeeping" is not affected negatively? I basically just use the internet for software updates, web-surfing and e-mail. One question I have is whether there is something comparable in Ubuntu to Window's "DNS Client" service? I always disabled Window's "DNS Client" and forced each application to request port 53 DNS lookups itself.I only had to allow four programs to accomplish all internet traffic that I engage in. I set all other programs/applications to be either Blocked or to have to Ask for an outgoing connection as needed.Here is my former Windows XP setup:
svchost.exe: allow UDP for ports 53, 67, 68, 123 (time) and TCP for ports 80, 443
Avast: allow UDP for port 53 and TCP for port 80
firefox: allow UDP for port 53 and TCP for ports 80, 443
IE: allow UDP for port 53 and TCP for ports 80, 443
I have a removable USB drive formated with NTFS. I enabled all the samba boolians in the SElinux GUI but it still doesn't seem to work. If i put it on permissive it will work. What more is there that i need to do to get my directories to show up on samba with selinux enabled?
View 2 Replies View Related