Ubuntu Servers :: Put A Few Login Restrictions In Place?
Jun 3, 2010
I've got Ubuntu server 10.04 set up and I wanted to make a few restrictions. It's pretty much just acting as a VMware server at the moment, and there are some users I've created who I only want to be able to log into the VMware infrastructure web interface. I want to make sure these users can't log in via SSH, FTP, or the console itself. I understand how to block them from logging in via SSH by using DenyUsers, and I added these users to the /etc/ftpusers file to lock them out of FTP, but how can I block them from logging in at the console itself?
I tried locking the user out by editing the /etc/passwd file, but the problem is that by doing this, it also prevents the user from being able to log into the VMware web interface.
The user's entry in /etc/passwd looks like this: bsmith:*:1005:1005:Bob Smith,,,:/home/bsmith:/bin/bash
I have a server with two active network interfaces. On one, I need ssh open for all users (it's running LTSP, and as I learned the hard way today, blocking ssh kills LDM access).
On the other interface (which connects to the rest of the network), I only want to allow a few administrative users to connect.
Is there a way to do this cleanly using sshd_config or PAM? I don't want to do something hacky like running dropbear.
Been trying for some time to get Postfix to not allow some internal users to send email externally. I have found some good resources online but none of them work. The user is still able to send email internally and externally.
I used the following web pages to assist me... [URL]
Below is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
I have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:
- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?
- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?
- Would that be enough? Can I make that whole idea more secure in any way?
Got my server up, installed FTP and all those goodies. And then I got some fun. Index.HTML shows perfectly. But when I place an Index.PHP, I get nothing at all. I get this error actually: Server error. The website encountered an error retrieving http://192.168.1.102/. It may be down for maintenance or configured incorrectly. Here are some suggestions: Reload this web page later.
What is the most proper place to mount a NFS share? I have an NFS server that shares up data to my network. Should I mount it under /mnt/NFS, /media/NFS, or /home/user/NFS? Under /mnt, I notice that a disk icon does not appear when using Gnome.
I run Debian on my old computer to use it as a server. Everything is configured properly so that it functions as a web server. Now that summer comes closer I will not be home most of the time and I was thinking to use part of my server to upload/download files. Is there some nice package that provides an easy interface for such a task? I am referring to something like the wikimedia package but for just downloading/uploading files.
I have a problem regarding the Ubuntu Enterprise Cloud. I have installed CC, CLC, SC, NC and a client and logged into the user interface using my browser for the first time with both username and passwd as admin and downloaded the credentials. But now as I try to login with the same username and passwd, it says that it's an invalid login. I understand we have to change the password on the first login but I don't remember doing the same.
I tried recover password option and gave the user name as admin and email address as my gmail id. It says that I have to follow the instructions sent to the mail, but there is no mail sent. I have done it like 5 or 6 times with different mail ids.
I'm hosting a server with Ubuntu 10.04. I've stumbled upon a strange problem. The server seems to refuse any login attempts, either with SSH or via a TTY after a reboot. After a couple of minutes (about 10 minutes or so) I am able to login. The memory usage isn't high at login nor the system load. The auth.log doesn't show any login attempt before.problem? Or does anybody have a suggestion I could try to fix this?
I try to understand the reasons for restricting DVD and MP3. My conclusion so far is that DVD is restricted due to software patents (and the DMCA). The software decoding DVD is open software, though. What is the situation regarding MP3? It is also restricted. Is it due to the same kind of software patents? As I understand, the MP3 codecs are not free software (like DVD)?
I have an Apache, PureFTPd, PHP5, and MySQL server setup and running. I'm running several scripts that require folder access of "var/www" in order to accomplish the scripts' duty. How do I remove and/or work around the security measure?
How can I get rid of all policykit restrictions that fedora 13 has? I just upgraded from fedora 10 and of course my freenx sessions are again unable to do anything useful like mounting a drive. Difference is no GUI now to help fix this. So I would like to get rid of all restrictions.
Is there a program available that would allow me to create an index in a pdf file that has no security restrictions on it? I know people can lock their files so I am not worried about those but if I have open permissions on a pdf file how do I go about creating an index. It seems that by default you get the thumbnail view but I like to be able to click on an index list to go to a page.
I usually use .htaccess to restrict access to directories. But what if I just wanted to secure a single php file? Is there some sort of code that would allow me to say ONLY THIS IP can access this PHP file?
I have just set up a kvm virtual machine on my server. To connect to the VM from outside of the network I use ssh tunneling. What I would like to know is if there is any way to create a new user with just ssh access. I don't want people to be able to edit files in ~/ or such. Just need the user to establish the connection to the server.
I like the server login information that gets displayed when you login to a 10.04 server. It lists disk usage, CPU usage, Temperature etc...
Unfortunately I had problems installing 10.04 from a USB. At the end of the process the master boot record was stored on the USB and not the hard disk.
But now when I login to my server I don't get the server information.
I have searched for days on Google and can't find a clear answer to my question. I have a NT4 PDC which I am migrating to Samba 3 (Version 3.4.2-47.fc12) on FC12 with kernel (2.6.31.5-127.fc12.i686). I am using tdbsam as my passdb backend. I set up Samba as a BDC and then joined to NT4 Domain successfully. When I go to vampire the accounts I get lots of errors and some user accounts get transferred over. It turns out that all the user accounts that transfer are those that don't have a capital letter in their username on the NT4 domain server. Most do and don't get transferred. There seem to be errors with my groups and Computer accounts. Is there a way to change the requirements in Fedora 12 for username, groups and computernames?
I have a work network of about 20 boxes most of which are running Windows 7 and one of them is a file server using linux and another is Windows server 2003. Now the local IP is distributed by the router, and no regulation of internet access is done by any of the servers. What I need to do is restrict internet access to select domains, which would probably need DHCP through linux (I think, not really sure), and I need something simple like a 'blabla.conf' file with the allowed websites that I can edit. I need to know how to regulate IP addresses through the linux box (all details if possible, I never tried to do that before), and how to restrict internet access also through linux.
I have a computer with two interfaces (eth0 and eth1), eth0 is connected with a local network and eth1 is connected to the internet, also it implements a NAT in the interface eth1. Nevertheless, I'm trying to create spoofed packets with raw sockets in the computer that runs the NAT and send the packets to the interface eth1. The problem is that the NAT is changing the IP source to the real one before sending the packets. So, does anyone have any idea how I can implement the NAT in eth1 but only apply the NAT to the packets that are from/to eth0? I was thinking of something like (I am really a newbie with iptables):
While I successfully configured an IPsec-VPN (I use a similar though modified setup like this: [URL]..) I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".
The scenario is similar to this: Let's say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IPs (like http).
I now want to limit, that an admin-user has access to all of them, while trainee-admin only can access everything on Host B and C, and CEO only can connect via telnet to Host C - and all users can be roadwarriors.
(I made this example up to give you an idea what I'm trying to do - hope it makes sense). Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?
I am using internet web control through squid... All is working fine only some little bit issues.
(1) Sometimes when I tried to open google.com or any site I got the message (The requested URL could not be retrieved) (Screen Shot Attached), but again after some time the same websites will open.
(2) I would like to block the word 'sex'. So I have edited squid.conf with the following acl:
acl Blockword url_regex sex
http_access deny Blockword
but a problem occurs on some websites where the word 'sensex' is found in the URL. Then squid blocks the 'sensex' URL content website also.
I have a user that has already used up a demo 24hr trial on my website. At present, I only check the customer id and the IP address to search for duplicates. On the whole this works but it's not foolproof. We now have 1 user from China that is changing their IP address every day to get access to the free trial. Any options on what to do? I thought of downloading a cookie to their computer that the website could pick up - again not foolproof but most people don't disable cookies. Any other options?
I could ban China temporarily until the user gives up but if they find another proxy to chain then their IP address will be different again.
I have searched other posts on here and they appear to be relevant but when I enter in the exact same commands it denies relay access to everyone. I have also used the postmap command to refresh the database.
Below is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.