I have a server with two active network interfaces. On one, I need ssh open for all users (it's running LTSP, and as I learned the hard way today, blocking ssh kills LDM access).
On the other interface (which connects to the rest of the network), I only want to allow a few administrative users to connnect.
Is there a way to do this cleanly using sshd_config or PAM? I don't want to do something hacky like running dropbear.
I've got Ubuntu server 10.04 set up and I wanted to make a few restrictions. It's pretty much just acting as a VMware server at the moment, and there are some users I've created who I only want to be able to be able to log into the VMware infrastructure web interface. I want to make sure these users can't log in via SSH, FTP, or the console itself. I understand how to block them from logging in via SSH by using DenyUsers, and I added these users to the /etc/ftpusers file to lock them out of FTP, but how can I block them from logging in at the console itself?
I tried locking the user out by editing the /etc/passwd file, but the problem is that by doing this, it also prevents the user from being able to log into the VMware web interface.
The user's entry in /etc/passwd looks like this: bsmith:*:1005:1005:Bob Smith,,,:/home/bsmith:/bin/bash
does anyone know how to set restrictions on the commands a user can run as sudo? i want to make it so they can only halt the system.
View 1 Replies View RelatedBeen trying for some time to get Postfix to not allow some internal users to send email externally. I have found some good resources online but none of them work. The user is still able to send email internally and externally.
I used the following web pages to assist me... [URL]
Below is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
[Code]....
I am having trouble setting up my second network interface on Ubuntu Server 10.04. When setting up the machine it did detect both cards but I only picked one to configure, and now I want to setup the second.
I went into /etc/interfaces and basically copied the settings for eth0 but changed the IP and the name to eth1. I then restarted.
Quite honestly it might be working! But when I run ifconfig -a I see no packets I see
Quote:
eth1 Link encap:Ethernet HWaddr 00:0e:0c:59:af:c4
inet addr:192.168.4.21 Bcast:192.168.4.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
[Code].....
isn't that what "UP BROADCAST...." line means?
So perhaps my question is how do I test my 2nd interface? I tried using the 2nd IP with Putty (which is how I usually work on the machine) and couldn't connect.
I have an old PC that I turned into a server. I have Ubuntu 10.04 running on it. I am looking for some media server software that can stream .mp3s to multiple computers over a LAN. But, I would like a software that can stream through a web interface. I would like my family to be able to open a web browser and go to the server and play files by clicking on them.
View 5 Replies View RelatedIs there any web interface that I can install to remotely reboot ubuntu? It would only be accessible via a VPN or on the LAN so not too much worry over security.
View 3 Replies View RelatedAlright, here's the problem: I have a server going that was running 10.10, then upgraded to 11.04 with no problems, but when I reinstalled 9.04 (so i could muck around with GNUPanel), the install couldn't find the ethernet on the motherboard (which I had no problems with on 10.10 or 11.04). I'm a bit of a newb, but it seems to me that something is very wrong here because I can't get online. All of the other computers in my house are unaffected, so I think I can narrow it down to the device not being recognized, but beyond that, I'm lost.
View 3 Replies View RelatedI want to set up a home computer as server. I've installed Ubuntu Server Edition 10.04, and can access it through SSH. However, I would like to have a browser based interface for managing things, such as installing a phpBB forum and stuff like that. Also, I want my friends to be able to share files on my home server as well. I know I can do it by using FTP, but I would rather not have them to install a FTP program.
View 9 Replies View RelatedI have installed ubuntu server 10.04 sucessfully. But I'm new to ubuntu so I need graphical user interface(GUI). How can I install gui in ubuntu server 10.04.
View 5 Replies View RelatedI'm having an odd problem with Server 10.04. I have two interfaces but only one interface is brought up on boot - and it's not always the same interface. Usually eth0 fails and eth1 comes up fine, but sometimes eth1 fails and eth0 comes up. I'm using the same config that was previously used on Server 8.04, but never had this problem on 8.04.
/etc/network/interfaces:
Code:
# The loopback network interface
auto lo
iface lo inet loopback[code]....
Once the system has booted, if I run /etc/init.d/networking restart, then both interfaces come up fine. However, having read that this is now an upstart, I also tried service networking restart, but get:
Code:
restart: Unknown instance:
Don't know if that's significant or not.
Cannot find a single problem with networking reported in log files, other than bound services failing to start as a result of the interface not being up (dansguardian, squid, dhcp which are all bound to eth0, and therefore fail when eth0 doesn't come up. And when eth1 doesn't come up, the only process that fails to run is clamav-freshclam). Although at one point I did see something about interfaces being renamed which seemed a little odd.
I could just have networking restarted automatically once booted, but this obviously isn't a solution to whatever is causing the problem. There is quite a bit running on the server: Samba/LDAP domain controller with roaming profiles, squid & dansguardian with LDAP auth, postfix & dovecot with LDAP auth, mailscanner, dhcp & ddns, strict iptables policy with nat... so I'm not sure if any of those could have any bearing on interfaces?
2011-04-11 11:57:03 UTC I don't know what happening with my centralized log-server running octopussy. Currently it is working in a vmware setup with approx 980 Mb ram and is set in bridge mode. Currently is it set to receive logs from logs devices which are 4 in number one of which includes the core isg-1000 device. This setup is still in its test form....now what happens after some time (sometimes it taken days and sometimes just hours) when the connection (https) is suddenly lost to the apache and i can no longer access the interface. What happens more strangely my Ethernet interface gets shutdown on ubuntu. I have to restart the services by issuing /etc/init.d/networking restart.
Even at times it itself start receiving network packets on its own; without even restarting; i don't what the hell is wrong with the server. I cannot understand its erratic behavior. I need a sound and reliable Ethernet connectivity at all times because coz of loss of connectivity in my case would mean loss of logging functionality. I dnt want any time-gap in logging ...as im currently logging some highly critical devices on this server.
On Ubuntu Server 10.10 the second bond device won't come up. Someone please advise the correct configuration. Error message when I run /etc/init.d/networking restart:
Code:
SIOCSIFADDR: No such device
bond1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
SIOCSIFBRDADDR: No such device
bond1: ERROR while getting interface flags: No such device
bond1: ERROR while getting interface flags: No such device
Failed to bring up bond1.
[code]...
I succeeded to install Postfix on my box. I also installed mailman.I don't understand what mailman do. It's similar to SquirrelMail? If no can you guys recommend a web interface mail client like SquirrelMail?
View 1 Replies View RelatedI try to understand the reasons for restricting DVD and MP3. My conclusion so far is that DVD is restricted due to software patents (and the DMCA). The software decoding DVD is open software, though. What is the situation regarding MP3? It is also restricted. Is it due to the same kind of software patents? As I understand, the MP3 codecs are not free software (like DVD)?
View 2 Replies View RelatedI've set up a FTP server, but now I would also give the ability to users to access file through a web interface, like the ones you can find in many NAS.I there anyone that knows a software that do this? I can't find nothing useful.
View 5 Replies View RelatedI'm trying to setup nagios, and I've looked at several guides but none of them seem to address my problem.Here's the clearest guide that I followed URl...I followed all the instructions on that basica guide, except disabling SELinux. I changed SELinux rules based on URL...I'm not getting any AVC Denials, so that's not the problem. Nagios and Apache both start fine. If I go to my local IP, I get the standard Apache test page. URl...(address from all the guides I read) doesn't resolve.I know that Nagios is at least running from "service nagios status," and I have gotten two alerts emailed to me: swap alert (I don't have swap configured) and disk space.
View 5 Replies View RelatedI tried to install VPN server/client on my Linux machines. But the instruction document mentioned: "The following should work (assuming your outside interface is eth1 and your inside interface is eth0):". What is " outside interface" and what is " inside interface"
My machine showed this:
ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:112 errors:0 dropped:0 overruns:0 frame:0
TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7392 (7.2 KiB) TX bytes:7392 (7.2 KiB)
p2p1 Link encap:Ethernet HWaddr 00:21C:42:A4:19
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:43
wlan0 Link encap:Ethernet HWaddr 90:4C:E5:68:91E
inet addr:192.168.1.225 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::924c:e5ff:fe68:91ce/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3999383 errors:0 dropped:0 overruns:0 frame:0
TX packets:2067232 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1021542186 (974.2 MiB) TX bytes:177511017 (169.2 MiB)
I have an Apache, PureFTPd, PHP5, and MySQL server setup and running. I'm running several scripts that require folder access of "var/www" in order to accomplish the scripts duty. How do I remove and/or work around the security measure?
View 7 Replies View RelatedI am looking for a program with a web interface to show my servers hardware status. hdd usage, cpu load, memory etc.
View 2 Replies View RelatedI had installed apache previously on my system, and I think I uninstalled it completely, although remnants might have remained. I have just installed zend server ce php 5.3, and I am having trouble getting it to work. When I log in to the admin interface, it told me it couldn't start the webserver, so I go to restart apache, and it gives me this:* Starting web server apache2 Syntax error on line 6 of /etc/apache2/sitesenabled/zendserver_gui.conf:Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configurationThis has to do with php_mod some how... but I am not sure how to fix this, or where to start, since I am relatively new to actually setting up apache.I thought this might have something to do with libapache2-mod-php... so I went to reinstall it, and ran this:
mburns@mb2449-laptop:~$ sudo aptitude install libapache2-mod-php5
Reading package lists... Done
Building dependency tree
[code]....
How can I get rid of all policykit restrictions that fedora 13 has? I just upgraded from fedora 10 and of course my freenx sessions are again unable to do anything useful like mounting a drive. Difference is no GUI now to help fix this. So I would like to get rid of all restrictions.
View 6 Replies View RelatedIs there a program available that would allow me to create an index in a pdf file that has no security restrictions on it? I know people can lock there files so I am not worried about thise but if I have open permissions on a pdf file how do I go about creating an index. It seems that by default you get the thumbnail view but I like to be able to click on a index list to go to a page.
View 2 Replies View RelatedI'm working with Opensuse 11.2 and KDE 4.3.5. I tried to restrict the run command (with Alt-F2) in the kdeglobals file:
~/.kde4/share/config/kdeglobals
[KDE Action Restrictions]
run_command=false
But there is no effect. With Opensuse 10.3 and KDE 3.5 it works fine.
I usually use .htaccess to restrict access to directories. But what if I just wanted to secure a single php file? Is there some sort of code that would allow me to say ONLY THIS IP can access this PHP file?
View 3 Replies View RelatedI set some restrictions in /etc/pam.d/system-auth, but they don't seem to be affecting anything.
/etc/pam.d/passwd:
Code:
password required pam_cracklib.so retry=3 minlen=8
password required pam_unix.so md5 shadow use_authtok
/etc/pam.d/system-auth:
Code:
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
[code]....
I dont want to allow the user winny on saturday and sundays. I added the following line in the /etc/security/time.conf file.
login;*;winny;!SaSu0000-2400
Then i added the following line in the /etc/pam.d/login file.
account required pam_time.so
this is the first line of that login file. But if i tried to login with the username winny it allows me to get log in. Is anything has to be change?
i have jsut setup a kvm virtual machine on my server. to connect to the VM from outside of the network i use ssh tunneling. what i would liek to know is if there is any way to create a new user with jsut ssh access. i dont want people to be able to edit files in ~/ or such. jsut need the user to estabilish the connection to the server
View 1 Replies View RelatedI have searched for days on Google and can't find a clear answer to my question. I have a NT4 PDC which I am migrating to Samba 3 (Version 3.4.2-47.fc12) on FC12 with kernel(2.6.31.5-127.fc12.i686). I am using tdbsam as my passdb backend.I setup Samba as a BDC and then joined to NT4 Domain succesfully. When I go to vampire the accounts I get lots of errors and some user accounts get transfered over. It turns that all the user accounts that transfer are those that don't have a capital letter in their username on the NT4 domain server. Most do and don't get transfered. There seems to be errors with my groups and Computer accounts.Is there a way to change the requirements in Fedora 12 for username, groups and computernames?
View 1 Replies View RelatedI have Fedora 10 installed. I want my users to be able to use any password they want. So I edited /etc/pam.d/system-auth, the password section.
Was:
Code:
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
Become:
[Code].....