Ubuntu :: Puppet Configuration Of Security Services
Jun 30, 2011
I'm trying to avoid having to migrate my machine to Fedora: it's either learn to clone some existing Puppet manifests from Fedora to Ubuntu, or move back to Fedora. I'm running into several problems, including parsing errors for rules that work for Fedora and fail for Ubuntu, presumably because the version of libaugeas-ruby is older for Ubuntu (0.3.0) than Fedora (0.4.0). For Ubuntu, these rules fail with "Could not evaluate: Could not retrieve information from source(s)". Another one is a failure of augeas to use the 'ins' command to insert a rule into krb5.conf. I can't think of any good reason for these other than the older versions of the libraries render Puppet unable to parse properly.
At any rate, I was wondering whether anyone has had experience and success controlling security services in Ubuntu (Natty), such as krb5, pam, screensaver locking, etc. I should be able to hack my way through these, but I keep hitting walls like the evaluation error above.
I have installed a Puppet server and its client on CentOS. The Puppet server and its client are running fine, and whatever changes are made on the Puppet server are updated on its client, but I am unable to execute a script (Bash shell) on the client through the Puppet server. So please advise a suitable class or parameter for the Puppet server so that it could execute on its client.
I have been trying to get my Samba 3.x NAS to connect to my Windows XP laptop. I can see the server though I cannot open it and see the shares. I have run various tests on the network and Samba (ping, smbclient) though still cannot find why I can't connect.
I can access the NAS via webmin, so I am thinking I need the security or the services settings on the XP machine. Is there a list somewhere of the Windows XP services and security settings required to share files?
I have a few computers running Linux and Windows and I'd like to be able to telnet and to ftp, but these services are not active. I looked into system settings but I cannot find anything on where to start them. I already tried using ssh but it just hangs and nothing happens. I also tried to use the graphical app for ftp but got the same result: host not reachable.
I'm running Debian unstable and since there was the switch to dependency based boot I can no longer control my boot services. I used to suppress the services that I use rarely during boot with: sudo update-rc.d -f myservice remove. This arranged the links in /etc/rc?.d and everything worked.
Now this command only says: update-rc.d: using dependency based boot sequencing. This seems to work until I upgrade the service to a new version and it is enabled again. Do you have any idea of how to disable boot services permanently with the new system?
I'm trying to control access to different services on a Debian server using /etc/group, so that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Services like proftpd have:
AllowGroup ftpgroup
sshd has
AllowGroups sshgroup
And samba has
valid users = @smbgroup
But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf). Does anyone have the magic option or a workaround that doesn't involve maintaining separate user databases and passwords?
I was wondering if there is any way in Linux in general and Fedora 13 in particular to configure system so that any service that needs access to internet will have to ask for password/permission to do so. So that I can
I'm looking for a script that can look for illegal scripts/services that are being run on OpenVZ VPS from the host node. Things like IRC, EggDrop, Brute Force scripts and such.
Have been working most of the day on this usb full install (Jessie xfce) trying to make it leaner/faster and trying to get rid of minor annoyances like "watchdog: watchdog0 is not shutting down" (couldn't btw), finally managed to disable "You have mail" by commenting out "session optional pam_mail.so standard" in /etc/pam.d/login. Every little change registers in terms of seconds of boot time saved and how the system responds because, well, I'm booting from a usb 2 drive. Followed some suggestions from "Reduce Debian", removed cups-common, some foreign language locales and man pages. what I can safely do with systemctl.
Debian 2.6.32 Squeeze + Gnome
I try to start System | Administration | Services and I get an error:
The configuration could not be loaded
An unknown error occurred
I turned on a whole bunch of different services and suddenly now I can't get back in to switch any of these on or off. I'm assuming there is some manual way of switching these off again, I just don't know where to do this.
Is there a Debian-way possibility to start services depending on the choice made on the (grub) boot prompt? As an example:
Workstation - starts all and everything but no hostap nor xend (run this at home)
Workstation traveller - starts like Workstation except networking (run this in the pub)
Xen host - run this preparing some training courses
Xen host HOSTAP - run this having the training course with a WiFi net for the class
I came from Gentoo recently and there is such a possibility. It is relatively simple to put a kernel option which the kernel does not recognize at the boot prompt. Such unrecognized options will be sent through to init (and thus to the SysV init scripts) by the kernel and I could script this. What I am looking for is the "official" way on Debian to do such things.
I have Apache Server working online under Fedora Core 6. But before I installed and configured everything, I've been testing in Fedora 12. The problem surges here: when I start the httpd service, every supposed 404 action on a web browser takes me to localhost. I mean, if I enter google.com, no error, it just goes to localhost; http://asdasd, no error, gives back localhost. I used to ignore the problem 'cause I thought it was a problem on my Apache, but when I installed the server on the Fedora Core 6 machine, I found that I have the same problem there. Of course, it only occurs when I am browsing through the same machine that has httpd started. Does anyone know how to change that?
I'd like to run a Tor relay, but am trying to understand the security implications. For some time I've run my torrent client in a VirtualBox virtual machine, which is run as a very non-prived user, bridges directly to The Internets, and writes to one directory on the host. My belief is this is about as secure as it can be, but am open to suggestion. If I run a relay in the VM it wouldn't be associated with my use of Tor as a client, which is fine since there is no technical need for them to be connected and it's desirable for security. I read that chroot jails can be broken, particularly when run as root, so I don't really trust that. Also studied a vserver, but it must share the network setup, which doesn't strike me as isolated enough.
I'm trying to lower consumption of my server/HTPC. After wakeup from pm-suspend the server/HTPC is ready to use in 1 or 2 seconds. For example, if I suspend it while watching a movie in KODI, after resume the movie starts playing instantly. But some services (SSH and SAMBA) are not running. I thought it was a network problem so I changed the configuration to static (not DHCP). SAMBA and SSH start like 15 seconds after wakeup.
I'm having problems with hackers from across the globe trying to get into our servers. Why? I have no clue. Nothing of value in my servers worth getting.
Right now my service only does business with USA. So I'm trying to find a way to block all Non USA traffic. I called my hosting provider and they are unable to help. Said it was up to me to do this.
Well, I've already taken care of the TCP Wrappers by spawning a small C program I made that uses MaxMind's GeoIP system to automatically deny access. Now I need to do something about all the other network connections that come in to services that do not use the TCP wrappers.
So I was wondering if IPTABLES has a way to spawn a subprocess like TCP wrappers, or if there was any other firewall software out there for Linux that would let me achieve my goal.
I want to simplify some of my rules, so I want to create rules for certain services like xmpp, web, etc. since some of them use multiple ports, and I toggle them on/off a lot. Can I simply put the jump to rule clauses in the Input chain, and once the sub chains run, does it return to the input chain after the jump to rule clause? I want to do this so I don't have a ton of rules in the input chain. I think that if I simply make a list of all the rules to jump to in the input chain, it will work itself through all of them until it finds a matching filter in one of them correct?
I'm using Debian 5 x64 with xfce. Is there a way to configure (start/stop/restart) services (especially Apache2, MySQL and PHP) using a graphical or cli tool? I tried to use sysv-rc, sysv-rc-conf, rcconf and rc-conf in the terminal but Bash didn't find them (although Synaptic shows that sysv-rc is installed).
So I want to get a mount/umount option under the right click services menu. I went to Dolphin -> Settings -> Configure Dolphin -> Services -> Download New Services and from there I installed KDE CDEmu Emulator and MountISO. But neither of them is showing up in the actual context menu. Neither in Dolphin -> Settings -> Configure Dolphin -> Services for that matter. I tried to install them as a normal user and as root. I went to have a peek in /usr/share/kde4/services/ServiceMenus/ but they aren't there as well... Is it just me, or do lots of things seem to be not quite working in 11.3?
I'm trying to set up Puppet to install and configure Apache on several servers. Having found: [URL] I thought I was onto something. However I'm a little lost; does anyone know of, or can anyone write, a small howto on how to get this module working on certain nodes? My current state is Puppet is running and connected to the puppetmaster. I can do simple things but the Apache install has lost me a little.
I have Puppet running successfully on my CentOS 5.5 boxes. I just came across this guide to use Foreman as a frontend for Puppet. I have downloaded and installed (source files) from here.
facter-1.5.8 puppet-2.6.4
I have downloaded latest stable foreman RPMs from here. Now, when I am trying to install Foreman rpm, it is unable to find Puppet, probably because I have installed it through source file.
Code:
[root@box1 foreman]# rpm -ivh foreman-0.1.4-3.noarch.rpm
error: Failed dependencies:
puppet >= 0.24.4 is needed by foreman-0.1.4-3.noarch
I would like to manage the firewall from the command line or with files via Puppet; however, this piece of software seems pretty complicated compared to the other distributions and generic iptables commands / configurations we push out.
I am doing a honeypot project, and after I install nepenthes:
$ sudo apt-get install nepenthes
$ nepenthes
I find that there are no configuration files in /etc/nepenthes/, and only a signatures document.
I searched on the internet; all the install guides do not mention this problem, they just say that if updating nepenthes, the /etc/nepenthes/*.conf will not automatically update.
I am going to wipe off Windows from my laptop & install only Ubuntu 11.04. Do I need to install an antivirus system? I know about the firewall from the Ubuntu Software Centre, i.e. firewall configuration.