In my office i want to setup a Linux machine for public usage , in this machine i want to restrict/deny access to certain applications (ex:- k3b, xterm , pdf reader etc) for certain users/group of users as per the office policies.
1)By what method/procedure i can achieve this objective ?
I have a desktop (picard), and I want to be able to connect to it from my sisters laptop (zuma) to quickly scp files from my machine to hers. At the same time I don't want the whole world to be able to connect to my machine via SSH. We're connected through a router. I've tried adding the line
"ListenAddress 192.168.0.0"
to /etc/ssh/sshd_config, but this prevents me from being able to connect to my machine from another on the network. From my understanding of the ListenAddress directive, I would assume "ListenAddress 192.168.0.0" would allow my sister's address through (192.168.0.192).
Am I missing something?
I have a small home network with a router to the outside world and an ubuntu server through which traffic passes first.My ISP limits my download usage during the day, which traditionally has not been an issue, but now the children come in from school, boot up the internet and up goes my usage!Ideally I would like to be able to restrict them to IM and maybe certain specified URLs (I think the latter probably needs to use Squid though?). Once the download limits are lifted, I would like my iptables to allow HTTP, etc, but pretty much block most other things.
I have two sets of iptables currently to approach this issue, with a cron job that runs to swap between one and the other.Chains run in order, so if rule A says allow x, and rule B says drop all, then X should still be allowed. However, try as I may, this is not what happens in practice. I have even tried changing the overall order from ALLOW to DROP in FORWARD and then approach from the other angle. That didn't work either. *IS* it actually possible to block all but http / https and IM? These are myrules:
Code:
# Generated by iptables-save v1.4.4 on Sat Jan 9 19:15:49 2010
*nat
:PREROUTING ACCEPT [583:45175]
:POSTROUTING ACCEPT [694:60887]
:OUTPUT ACCEPT [143:18642]
[code]....
I have an internet and mail server installed CentOS, and I want to restrict client machines to access a certain website, e.g. if i want restrict users from accessing the website: www.mydomain.com, How do I do it?
View 6 Replies View RelatedIs there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if its still web accessible through a browser?
View 8 Replies View RelatedEvery developer in our organization has access to a single development server and all development ( other than basic experimentation ) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developers machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers ( ssh login ) the user onto the development server.
I am using virtualBox and ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others is more in terms of the set-up: I am attempting to resize the virtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up the entire screen goes back to ( what I believe is 800x600 ) after the Ubuntu splash screen.
The virualBox seems to have completely messed up the keyboard detection how can I rectify this?
The other is regarding the restricting of shell access I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
i installed tomecat6 in Linux server i deployed xyz.war file and jkmonunt in Apache this is for out side usage recently i deployed one more war abc.war i din't mount in apache this is internel application usage purpuse in my application i tried to call this abc.war (http://X.X.X.X:8080/abc/abc.war) but i am unable to access this folder i checked the iptable rules i gave access permission in 8080 port.
View 2 Replies View RelatedI got two web apps in my single linux box, they are Wiki and Mantis the screenshot of the web apps directory shown below.I have created the DNS CNAME record for this server which point to the main server SV6.somehow i got error after i edit it and restart the Apache server.
View 2 Replies View RelatedJust upgraded from v11.0 to v11.2, in fact its still updating the update. I had a number of web apps in folders in my htdocs, whic I cannot access at the moment. They are still there, I just cannot Access them. Has anyone struck the same problem. I know I had this problem about 12 years ago, but being older and senile I cannot remeber what exactly it was. Real important as it contains php scripts which create xml data files for upload to web pages, so would like a quick fix if possible?
View 7 Replies View RelatedI have a SSD that is a SATA-IF YOU NEED MORE INFORMATION PLEASE DO NOT HESITATE TO CONTACT ME. and can run at 3.0 Gb/s - in the error log it is being restricted to 1.5.... I have no propritary drivers, (apparently) that need updating - is there anything else I can do to get the full speed?
View 3 Replies View RelatedSome minimized apps no longer appear in the top menu and by that are no longer accessible.For example firefox with the minimize addon or Jungel Disk backup service.How can I reach apps that minimized them self and are not shown in the top menu?
View 2 Replies View RelatedI have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
We set up a server with my friend (still newbies ) a couple of months ago using Ubuntu 10.04 LTS server edition and agreed to let some folks at school to use it to install drupal on it for teaching and learning purposes. So the idea is that there are multiple users that all install drupal in their home folders separately using SSH and continue from there on etc.
Everything is set up for that to work (domain, settings etc), but there's one thing nagging me, and that's how everyone can look at everything on the server. They dont have rights to modify anything but can look at file listings and view inside files etc.
So how do I restrict the viewing rights of users to inside their home folder, BUT so that they can use the cd command to go to folders inside their home folder, but not outside of it. As far as I know rbash purely keeps you inside home and allows nothing else, so that doesn't work, because you need the cd command.
I have setup firefox for certain users, with specific extensions. I would like to know which directories to restrict so that no new extensions can be installed, but the currently installed extensions will be able to update without a problem.ba
View 1 Replies View RelatedI wanted to restrict users within a particular folder say /var/lib/tomcat/webapps. I want the users to see all subfolders inside webapps and work with it (edit+read but no delete). I understood that chroot is the way, and i read this [URL] community discussion, but what i understand out of it is, they are trying to give a complete working installation of ubuntu to the user within a directory which i dont want to.
View 3 Replies View RelatedI'm trying to write a script that uses the 'du' command to make essentially a text-based filelight type program. It should scan the current directory for the file's sizes and display them in order largest to smallest (or vice versa). The user should be able to go throughout the file tree and see child directories scanned for the sizes as they're accessed. I just need to know one more thing- how can I restrict the displayed results to the current working directory? would a grep for the output of pwd suffice? just getting some thoughts before i try and possibly dig myself a hole.
View 1 Replies View RelatedI hope I am in the right forum. I have a question about restricting users from being able to change their own passwords in Fedora 10. In Fedora 6, I was able to do this by using passwd with -n and -x flags. If I would set the -n value greater than the -x value, then the user would not be able to change his/her own password. If I do this in Fedora 10, this no longer works
View 4 Replies View RelatedI need some kind of step by step process to restrict my users to only have access to directories that I specify ? For example user joe can only access his home directory, read access to /tmp and read access to /var/log/httpd
View 1 Replies View RelatedI have a few small lists created in mailman, and I want users to be able to receive, but not post. Where do you find this setting?
View 2 Replies View RelatedI want to limit the amount of connections a user can make outside of the box per user group, should I be doing this via iptables or what? aka:
group1 can only have 2 simultaneous outbound connections
group2 can only have 8
I've got a question about chattr command. is it possible to restrict a root access for this command. what i want is something similar to freebsd behaviour aka the kernel secure level. setting a particular security level results in limiting some operations (i.e changing immutable flags on files) by root. well, if someone gained an access to a machine in some way, nothing would stop him changing the file's flags. so the question is if it can be achieved with selinux?
View 2 Replies View RelatedI'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former.I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is.I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
i want to Restrict a particular user from creating a file beyond a prticular size.ie he should not be able to create a prticular size [say 10mb] but he can use upto 10 gb.[ not the quota space i mean]
View 6 Replies View RelatedI run a system that users may log into either remotely or physically. Multiple users may be logged in simultaneously because of the remote access, but only one user can be physically logged in at a time.With the current setup, however, if the physical user inserts a flash drive (which the OS mounts automatically) then the remote users gain access to the removable media.
View 6 Replies View RelatedHow to restrict some uses to send mail to outside domains except local in sendmail.I am using ( CentOS5 + Sendmail )
View 2 Replies View RelatedI have set up a small Mesh Wireless Hotspot at a local Flea Market. My plan is to add in one of those HotSpot services for billing and such..ut until I have enough users to justify that expenditure, I am just going to manually set up accounts.The system is all up and running as an OPEN SYSTEM. Users are able to access the net just fine thru my existing setup.My question is, how can I create user accounts so that users of my wireless network will have a username and password that they can log in with
View 11 Replies View RelatedI want to restrict the Visitors to my Webserver whom i want to give access But the persons whom i want to give access. have Dynamic IP. I want to use DynDNS and update IP address of person. Based on the Hostname Pointing to Dynamic address of person.
View 5 Replies View RelatedPerhaps I might be a minority demographic here, but I am. Is there a way and how? Ubuntu Software Center doesn't seem to have this option. I come from a long history of being a Windows power user, and I am picking up pretty quickly with this stuff. I find QT ones leave little screen droppings and it bugs me to no end. Some might not, but I like it to be kind of GTK pure. If I wanted a QT app I would have picked Kubuntu with KDE. I admit that it is kind of cool that you can run an app from another desktop and vice versa. I am not trying to start a flame war, nor am I dissing any of the developers that may have made some awesome QT application I may not know about. Is there another software center like thing I can install that at least combines all the QT and GTK ones into separate groups rather than making me fend for myself?
View 4 Replies View RelatedWhat apps use RAM and which ones use SWAP?
View 8 Replies View RelatedI use some kde applications in gnome such as k3b, basket notes, kover kreator and amarok. These pull in a large amount of dependencies and need the occasional tweak to get them running smoothly. Although I prefer the gnome desktop would I be any better installing the kde desktop and then running the applications from the gnome menu? Would there be any advantage to this rather than installing them individually into gnome?
View 5 Replies View Related