Ubuntu Security :: Vanilla SSH And Other Apps That Want To Use It
Dec 8, 2010
I've got an Ubuntu 10.04 box (up to date) with a MySQL database that I log into remotely via an SSH tunnel. In order to make this secure, I've remapped the SSH port to something obscure, and locked down the firewall to allow only this port.
I've disabled password login, and get in via a 1024-bit RSA key, which has an attached passphrase.Right now, it works like a charm. However, I've become interested in trying out NoMachine NX as a way of working on the Ubuntu machine (VNC works, but is not an option). NoMachine NX requires a DSA key without a passphrase, and is not interested (as far as I know) in playing nicely with my existing RSA keys.
My question, for you security experts, is this. Do I have to scrap my existing SSH config and start fresh with NX in mind? Or is there a way around this? Moreover, if I do that, and get NX working, will I still be able to use Putty to tunnel in as I do now, for using the database?
View 4 Replies
ADVERTISEMENT
Mar 31, 2011
I just preparing some presentations and was wondering what the most interresting Tools on the FSL would be. There are many, many everybody would use, but what would be the lets say "most wanted" Tools on the fedora Security Suite aka FSL?! Without what Tool you could not work?
View 2 Replies
View Related
Feb 6, 2011
OS: Fedora 14 i386It's used as a ""normal desktop laptop""."USER A" - it's the mainly used user, i log in with GDM with it, etc.Goal: I need a little more security - separate a few apps!How: run 3 applications ( Transmission, Google Chrome, Wine ) with other users ( so not with "USER A" ). But when i'm logged in ( in GUI ) with "USER A", i need icons on he's the Desktop. E.g.: just one click ( without asking for password!! ) and Google Chrome starts with another user.How exactly can i do this? - How can i "grant" "USER A" with permissions ( securely ) so that it doesn't needs a password, when running applications with "USER B", "USER C", etc.?
View 1 Replies
View Related
Feb 14, 2010
i'v heard it some where and i'm not sure what it mean is it ubuntu without ubuntu-desktop or without some more things?
View 2 Replies
View Related
Jun 2, 2010
I'm using KDE (Kubuntu) and I was wondering about integration of Firefox into KDE. I know that kmozillahelper provides this and so I installed it. But the thing is, I compile Firefox myself with some custom optimisations, so I don't use Firefox from the repositories.
The firefox from the repositories uses kmozillahelper but my compiled firefox (even the mozilla provided firefox) does not.
View 5 Replies
View Related
Mar 12, 2009
I'm logged in as root and want to run Add/Remove Software (Package Installer) but get the message telling me
Code:
Running graphical applications as a privileged user should be avoided for security reasons. Package management applications are security sensitive and therefore this application will now close.
How must I install applications? Surely the world is getting paranoid with all this hackers and viruses, because with every new version O/S, the security features gets more and more; up to the point that you can't fricken do and play around with your pc as you would.
View 2 Replies
View Related
May 1, 2010
I have trouble with opensuse susefirewall 2 and my own rules. since i have installed a suspicious download manager, i detect outgoing traffic in the monitor and i want to block ougoing traffic except some apps like firefox, jinchess ...
1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSefirewall2
2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook
3) I don't know if rules are good.. they seem to work because for example jinchess can't access his server with the DROP rule until i add the ACCEPT rule BUT in fact the download manager still access internet and amarok too when it searches for songs lyrics ! i have discovered it's because the others apps use port 80
I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom
How to to make firefox use another specified port ? i wanted to use privoxy with tor but it doesn't work .. is there input/output controler on linux (something like zonealarm on XP) ? the trouble is that all outgoing traffic is permitted by default!
View 4 Replies
View Related
Feb 5, 2010
I have always been amazed that despite the fact that the liveCD obviously has gparted on it, that it is doesn't install it. Why not?I understand it is a tool with which you can easily damage your system, but that's no reason not to give it to users, once its aready taking up space on the liveCD.
View 6 Replies
View Related
May 24, 2011
What is vanilla kernel and what distributions are using it?
View 3 Replies
View Related
Jun 13, 2010
I am trying to compile a new vanilla kernel on to my Ubuntu server system which has been freshly installed with Ubuntu 10.04 server 32bits. As this will run on a VIA epia-px5000eg mainboard with USB stick I want compile this kernel on a different machine on which is also ubuntu 10.04 installed. Unfortunately currently I experience difficulties when I boot kernel 2.6.34; it says "Kernel panic - not syncing: VFS: unable to mount root fs on unknown block" while if I load to original kernel that comes with Ubuntu 10.04 all works perfectly well. BTW reason I want to build a custom vanilla kernel is to trim down kernel to the necessary services I need as I am running a server that requires just the essentials. And it needs to support the VIA Epia CPU processor family ( C3, C7 or generic setting which is another hurdle which I won't discuss here ).
Hopefully one out there is able to guide me further as I type step by step what I executed. Thanks for your replies in advance:
Yet I hook up the VIA epia-px5000g with 2gb usb stick, a dvd drive and keyboard ( all usb ). Boot from CDrom and install a minimal system (<f4>) to usb stick. Partitioning part I set it to EXT4 and used full size thus no SWAP. Also mount option " noatime " has been set all to save writes to usb stick.
When the base system has been installed a user has been added, as well apt is being configured to install only security updates automatically. As services I want to run definitely openSSH-server so I can access remotely. Grub gets configured and system will be rebooted.
At this stage I configure the network interface to a static address so I do not need to check my router all the time which dhcp address Ubuntu is using if I want to access remotely.
Now the compile part starts, the ubuntu way. I log in to my other system and execute following commands accordingly code...
View 2 Replies
View Related
Nov 20, 2009
I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'
However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since its a security risk. If not how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times.
View 2 Replies
View Related
Apr 9, 2010
I am trying to compile a vanilla kernel that I got from git in a VirtualBox VM running Fedora 12. With RHEL (albeit on real hardware, not a VM), I am able to do a make; make modules_install; make install and simply able to boot up the kernel. The make install step, in particular, creates the initrd using /sbin/installkernel, which also updates the grub configuration.
Under Fedora 12, my new kernel does not boot. I see no messages on the screen, not even if I change the boot command line to remove quiet bootup. I see disk usage on the VM and the CPU gets pegged at 100%. Strangely enough, if I change the initrd to refer to an existing, Fedora-provided kernel, I can boot my new kernel without any problems. I started with a Fedora kernel config and used it to generate the config for my new 2.6.33 kernel, so it couldn't be the case that I missed something in the config either.
Does anybody have an idea about what could be going on? Is there some specific patch that Fedora kernels use that are essential for booting up?
Also, the guest Fedora OS is 64-bit, if that is relevant.
View 2 Replies
View Related
Jul 7, 2009
I've newly installed Lenny and I find that xterm doesn't have tabs or pretty colours. Vim is also colourless. Is this a conscious effort by Debian to strip back the install to it's most utilitarian? Or am I using the wrong versions of each app?
View 3 Replies
View Related
Oct 17, 2010
I've downloaded 2.6.36-rc8 vanilla kernel, then I copied .config file from my current working kernel 2.6.32.21-168.fc12.x86_64, then I've configured, compiled and installed kernel like this:
Code:
make gconfig
make -j4 all (or make all)
make modules_all
make install
The last command edits my grub.conf file and writes this:
[Code]....
I checked my .config and ACPI, and File Systems are built into kernel and not loaded as modules... And, I have LVM but my /boot partition isn't in it, so I don't HAVE to use initrd, right? How can I boot from a vanilla kernel without initrd ?
View 11 Replies
View Related
Jun 29, 2011
Im using a Fedora 15 and im trying to compile a 3.0.0rc5 kernel. but im unable to get a config for my machine to boot up. i tried make localmodconfig it says
using config: '.config'
capifs config not found!!
Restart Config
and then i tried cp /boot/config-2.6.38.6-26.rc1.fc15.i686.PAE .config to override the default config but stil that doesnt work. work around to get a proper config so that i can boot the latest kernel here?
View 1 Replies
View Related
Apr 29, 2010
I thought I would give some instructions on how I compile my kernels. My long-time windows user parts trader recently asked me how to compile a kernel on Fedora. He was confused with all the tutorials requiring you to build an RPM, so I showed him how I do it, the standard/easy/lazy way. Before I start, here are a couple things I assume. I assume you are a Fedora user and that you are NOT in text mode, but in GNOME. I also assume you realize that this can take up to SIX HOURS on an old Pentium 3 1.3Ghz. Remember that some proprietary drivers as well as some free ones are not included in the kernel, so make sure you don't delete your existing one.
First get the dependencies you need.
su -c "yum -y install gcc ncurses-devel"
Next get the kernel source. I use 2.6.33.3 as an example. To download it, click here.Extract it by right-clicking on the file and then choosing extract here. This will take about five minutes. Now open a terminal, become root, and cd to the directory linux-2.6.33.3. It is important to cd here and not to the kernel directory inside of there, even though make has an extra variable that specifies there.
Now we need to configure the kernel before we build it with make O=kernel menuconfig. It will take a couple minutes to set up, then you will be presented with a cheap psuedo-gui in your terminal. Just select exit and yes to save your config. You usually don't need to change anything here.
Ready to compile and install? Remember this can take up to six hours, and your machine may become VERY slow. It is not recommended that you attempt to use your machine with this in progress. OK then. As root, in the same directory, type:
make O=kernel && make O=kernel modules_install install. This will compile the kernel and install the kernel and it's modules. Done? Now change the kernel and initrd in your bootloader to match the new kernel. If you ever want to reuse the same source code folder, use make mrproper to clean things up and build it again.
View 6 Replies
View Related
Apr 30, 2011
Some minimized apps no longer appear in the top menu and by that are no longer accessible.For example firefox with the minimize addon or Jungel Disk backup service.How can I reach apps that minimized them self and are not shown in the top menu?
View 2 Replies
View Related
Dec 13, 2010
which vanilla kernel version provide support for QM57 chipset?
View 1 Replies
View Related
Apr 30, 2011
I've getting strange build errors when using make-kpkg with the latest (2.6.39-rc5) vanilla kernel.I'm using the procedure outlined here:
https:[url]....e.g.:
Code:
make oldconfig CONCURRENCY_LEVEL=`getconf _NPROCESSORS_ONLN` fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
I'm getting the following build errors:
Code:
Building modules, stage 2.
MODPOST 3053 modules
WARNING: modpost: Found 60 section mismatch(es).To see full details build your kernel with:'make CONFIG_DEBUG_SECTION_MISMATCH=y'
CC arch/x86/crypto/aesni-intel.mod.o[code]....
There is even much more error output but it looks like it is basically the same issue.
View 2 Replies
View Related
Nov 29, 2010
i want to compile the vanilla kernel 2.6.37-rc3, but i want to obtain a .rpm file. I found this guide long time ago (i used it many times) but it use src.rpm package and the contained kernel.spec file have many lines for adding patches. Someone know where can i download a kernel.spec for vanilla kernel or a guide to obtain an rpm file
View 4 Replies
View Related
Jan 19, 2010
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Jan 17, 2011
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
View 9 Replies
View Related
Aug 31, 2010
Perhaps I might be a minority demographic here, but I am. Is there a way and how? Ubuntu Software Center doesn't seem to have this option. I come from a long history of being a Windows power user, and I am picking up pretty quickly with this stuff. I find QT ones leave little screen droppings and it bugs me to no end. Some might not, but I like it to be kind of GTK pure. If I wanted a QT app I would have picked Kubuntu with KDE. I admit that it is kind of cool that you can run an app from another desktop and vice versa. I am not trying to start a flame war, nor am I dissing any of the developers that may have made some awesome QT application I may not know about. Is there another software center like thing I can install that at least combines all the QT and GTK ones into separate groups rather than making me fend for myself?
View 4 Replies
View Related
Sep 14, 2010
What apps use RAM and which ones use SWAP?
View 8 Replies
View Related
Sep 15, 2010
I use some kde applications in gnome such as k3b, basket notes, kover kreator and amarok. These pull in a large amount of dependencies and need the occasional tweak to get them running smoothly. Although I prefer the gnome desktop would I be any better installing the kde desktop and then running the applications from the gnome menu? Would there be any advantage to this rather than installing them individually into gnome?
View 5 Replies
View Related
Oct 11, 2010
I've been searching all over ubuntu-land the last two hours for anything about configuring Unity and I'm coming up a little short. Can anybody point me to some documentation that I may have missed?
I figured out how to pin apps to the sidebar, but I'd like to configure the "Favorites" folders and just see what other options can be customized.
I would have thought right-clicking (anywhere) would have helped, but I get nowhere.
View 9 Replies
View Related
Dec 12, 2010
how to add apps to the launcher?
View 5 Replies
View Related
Jan 5, 2011
After a fresh install of Ubuntu 10.10 (and all updates applied) any(?) KDE app causes Ubuntu to crash. (X restarts and the login screen is presented.)This happens immediately when opening kolourpaint, after clicking add file in krename, and after clicking "ok" to set up krusader for the first time.
View 6 Replies
View Related
Jan 12, 2011
firefox plays sound in videos, system bell works at startup and shutdown, and i can play a test sound in "system settings --> multimedia --> phonon". but in several other apps, sound doesn't work, e.g. thunderbirds makes no sound when new mail arrives, although beeping is enabled, it only shows an alert; the same in my chess program. it all worked fine in kubuntu 10.04, now i have kubuntu 10.
View 9 Replies
View Related
