Security :: Controlling User Access On Redhat Enterprise?
Mar 15, 2011
Im am working on a system which runs on RedHat Enterprise I have been asked by superiors to see if the following is possible. (sudoers file config change i guess)
Example
User1 has root access
user2 has root access, but must not be able to access ctmag (user account)
I know the obvious here is that if user2 can switch to root then it won't work. But i just need to prevent user2 from su - ctmag. A password is set on the account ctmag, but as user2 has root access it switches without a password prompt
Is there anyway i can prevent user2 from switching to ctmag but still have access to root?
That would seem like an elementary feature to be able to enable only a few system applications access to the Internet. That would prevent trojans to download your HD for examples. I looked around and played with iptables but I couldn't not find anything that do the job. I loaded the xt_owner kernel for iptables but the --cmd-owner command is lacking. That was my holy grail but could not get --cmd-owner to work. iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing " How can I protect my machine against the enemy within.
I want to limit what a authenticated user can do on my Linux server. I've set the default shell to rbash, but I know a knowledgeable user can switch shells. Can I use file permissions to deny execution rights to /bin/bash to anyone who is not in a particular group? And if that works, how do I find out what other shells are installed on my server (Ubuntu 9.10)?
I have now been trying to find an answer for the following for a while and can't seem to get anything.On previous linux distros we had the option available "passwd -e" which allowed us to force the user to change their passwords upon the next login.s functionality however seems to be excluded from latest linux distros (currently using RHEL 5.4)...Does anybody know how the same effect can be achieved and perhaps any idea on why this option was removed as it was great for securing passwords
Installing CVS on Redhat Linux Redhat Enterprise 4.0
The following steps give simple steps to install CVS software on Redhat Enterprise Linux 4.0.
1) Download the tarball cvs-1.11.1p1.tar.gz 2) Run "gunzip cvs-1.11.1p1.tar". You will get file called cvs-1.11.1p1.tar. 3) Then extract this file using command "tar -xvf cvs-1.11.1p1.tar". 4) Then go to directory cvs-1.11.1p1. 5) There you will find a file called INSTALL. Read it once carefully. 6) Now run the command "./configure." 7) Build it using the command "make". 8) Install binaries/documentation using command "make install". 9) Now open file called /etc/services and add the following lines. Cvspserver 2401/tcp # CVS client/server operations cvspserver 2401/udp # CVS client/server operations 10) Open file called /etc/xinetd.conf and add the following lines to that file. service cvspserver { Port = 2401 socket_type = stream protocol = tcp wait = no user = root passenv = server = /opt/bin/cvs server_args = --allow-root=/home/cvs -f pserver env = HOME=/home/cvs log = /var/log/cvslog } 11) Space on both sides of = in the above file is a must. 12) Restart xinetd services by running command " services xinted restart " 13) Check whether CVS is running on the port 2401 by using the following command "nmap IP |grep 2401". If the CVS server is running correctly it will give output as "2401/tcp open cvspserver ".
I have a problem in connecting from windows xp OS to the REDHAT LINUX through vncviewer. The first connection works fine. However, if I want to add more than one connection by establishing the hostname:2 through vncviewer, it stops working. I have tried modifying the file /etc/sysconfig/vncservers to add more than one allowable connections. It still fails...
at work place I have an HP ProLiant DL580 with RedHat Enterprise Server 5.4 x64. Today I cloned this machine using clonezilla. What I would like to do is restore the image to VMWare machine for personal purpose (I cannot perform tests on production machine). But after restoring on VMWare I got "Kernel Panic". That's normal due to different hardware.
Now, is there a way to remove the Kernel Panic and correctly boot the machine? I ask our tech department for the RedHat CD1 to enter the "linux rescue" enviromnent, then try to re-read the hardware list with
What is the step by step procedure of creating simple DNS in redhat enterprise linux? or by using simply named.conf,resolve.conf, with forward zone & reverse zone.
I have currently Windows 7 running and installed on partition C.I have partition D empty , and I would like to install Red Hat on it without affecting Windows seven ( i.e., dual boot Windows 7 & Red Hat6 ).
I am trying to install openldap 2.4.21 in redhat enterprise 5 version and I am having some issues. When I ran the configure command, I had the following error.
checking for Berkeley DB major version in db.h... 4 checking for Berkeley DB minor version in db.h... 3 checking if Berkeley DB version supported by BDB/HDB backends... no configure: error: BerkeleyDB version incompatible with BDB/HDB backends
So I downloaded and installed Berkeley DB 4.8.26 version. But my problem is how do I make openldap to point to this.
I;m using RHEL5, i have a problem with my wireless lan card, my laptop wireless cant be enable , i always show a inactive in the network configuration property, i know it detect in my box code...
I installed Redhat nash version 5.1.19.6 with kernel 2.6.18-128.el5-xen-i686 on a Dell Inspiron 1300 with Broadcom BCM4401 (eth0/LAN) and BCM4318 (eth1/WLAN). eth0 is working fine, but eth1 was causing trouble. After some difficulties with missing packages I managed to install ndiswrapper, blacklisted module bcm43xx in /etc/modprobe.d/blacklist and removed it, loaded module ndiswrapper and had connection. But after reboot module bcm43xx was again loaded. So blacklisting does not seem to work.And additionally strange to me, I cannot unload module bcm43xx anymore. And if I load ndiswrapper driver bcm43xx is still used as the terminal command 'dmesg' is showing me in the system log, while ndiswrapper was used when the connection was once and only once established
I m using redhat enterprise linux 5 desktop i hav a broadband connection through bsnl dna-a211-1 modem how to activate the connection into my laptop with redhat enterprise linux5?
I am a first timer in setting up a mail server. As I heard that Postfix is a very simple mail server to configure I decided to use it on the same server where we have our squid. It seems that it is really simple enough because immediately after configuring,I can send and receive internal e-mails and send external emails. As I replied to the external emails that I received myself I found out that all of them just landed on the mail queue and this is where my problem starts. I cannot make Postfix deliver the messages to my outlook mailbox. By the way, I am sending the emails the through outlook also.
I am trying to install Redhat linux 4.0 Enterprise edition in my system. The system starts booting from CD-ROM and starts installation. It prompts for language selection(By default English) and then key board type ( By default US type). After this it is prompting to select the drivers with the following options.
" SELECT DRIVERS", "CHOOSE DRIVERS FROM LOCATION", "BACK". Why it is prompting for drivers?. what type of drivers it is looking for? what is the solution? My system mother board type is Intel 80865.
just set up a windows server and other windows boxes send alerts to it no problem.Yesterday I configured my linux box (RHEL 5) using /etc/sysconfig/syslog and /etc/syslog.conf so that all alerts would go to the syslog server.There are no external firewalls involved and while the firewall is working on my linux boxI have made sure port 514 TCP/UDP are let through.Ive checked syslogd and klogd are running.I've also applied the '*@10.20.30.40' line in etc/syslog.conf. Basically Id like everything to go to the syslog server.Now if I telnet to the syslog server on port 514 I can type text on the linux box and it comes through on the syslog server. Great - but no syslog alerts seem to come through normally, even when I reboot the box.I've tried *., .*, and * to no avail, ive got an entry in my hosts file for the server 10.20.30.40 and tried using a name instead of an ip address, no luck.
i want to extend my existing partition size,but it should do it without formatting my operating system.i don't have the solution.Is this possible?if possiblsolution.hope somebody should give the answer
I have installed Redhat Enterprise Linux Server 5 on my laptop. I want to install Oracle 10g database on RHEL5 server. I want to know whether any additional rpm's need to install before installing the Oracle 10g.
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
I newing to utilize linux I want to ask I install redhat enterprise 4 4 on laptop acer aspire 4736, and all hadware I am not detected comprise wifi card and lan card. how detects my hadware that? one again of making ad-hoc at ubuntu 7.10
I am new user in RedHat Enterprise 5 Linux. I want to install openoffice. But i can't download & install it. Have any solution to done this successfully?
