Security :: Shell Login Tripwire - Optimal Place?

Jul 11, 2010

I have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:

- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?

- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?

- Would that be enough? Can I make that whole idea more secure in any way?


Ubuntu Security :: Install Tripwire On Computer?

May 1, 2011

I am going to try to install Tripwire on my computer. I do not know why or how to configure Tripwire policy and configuration files.


Security :: Tripwire Initial Configuration - New Policy - P

Jul 29, 2009

I have just installed tripwire. I have created a baseline db using the default policy file. Then I checked the output of the db to see what I did not have on my filesystem that db was searching for (according to the default policy when tripwire was installed), I then changed my default clear text policy file accordingly and used twadmin to generate a new tw.pol file.

Next I come grinding to a halt after this (assuming the next thing is to update the policy in tripwire, right?)

Code:


Security :: Periodic Update Of Tripwire Policy File?

Jul 1, 2010

I have tripwire 2.4.1.2 running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file. The reason for my asking that is while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.


Fedora Security :: Tripwire Revealed File Size Differences?

May 14, 2009

Recently I decided to utilize an IDS system. So I installed Open Source Tripwire. Not that I am too worried about anyone gaining a successful foothold on my system. But I wanted to learn and experience this IDS system. And no, this is not a new server install but I have never seen anything that resembles illegal activity. My server is an installed CentOS 5.3 with SELinux in targeted mode.

Tripwire has brought to light some interesting things. Installation states to verify rpm packages using rpm -Va. I have found that many of my system binaries are not the same size as if I were to replace them via yum. Most of the binaries are like twice the size compared to a newly installed package, of the same version. I'm not sure what to make of this. These programs are the original installs (CentOS 5.1) and I keep the system up to date regularly via yum.

I wonder if perhaps these system files installed are perhaps different than individual package size installed via yum? I have a hard time believing this as a package is a package. The only other possibility that comes to mind is that nearly my entire system has been hacked with new system files, and in a way that has revealed and suggests nothing. I find that far-fetched as I have run this server for some time now and I should think I would know a problem as not a morning goes by that I haven't reviewed my logs, as they are emailed to me. Thoughts about the difference in file sizes? Those installed via CentOS DVD versus those installed via yum?


General :: Place A Shell Script With Tail -f In The Back Ground?

Oct 6, 2010

The following script is named 123.sh and I need to put it in the background. If I do 123.sh -bg, this will not bring me back to the prompt but echoes whatever I put (using echo hello >> /tmp/123) into the /temp/123 file. The only way that I have found of doing this is to do "nohup 123.sh &" to put this into the background. Is this okay or is there any better way of doing this?

#!/bin/bash
# file name is 123.sh
tail -f /temp/123 | while read line

[code]...


Fedora :: Changes In Login.defs Does Not Take Place?

Jul 13, 2010

I edited /etc/login.defs so it changes the mail directory:

Before changes:

Code:
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail

After changes:

Code:
#MAIL_DIR /var/spool/mail
MAIL_FILE .mail

But when I create new users there is no .mail file in their home folder


CentOS 5 :: Changes In Login.defs Does Not Take Place

Jul 13, 2010

I edited /etc/login.defs so it changes the mail directory:

Before changes:

MAIL_DIR /var/spool/mail
#MAIL_FILE .mail


General :: Write A Shell Script Which Can Read Content Of The Folder And Place Files On Remote FTP Server?

May 9, 2011

I need to write a shell script which can read the content of the folder and place files on a remote FTP server. I need to make sure that a file that is already placed on the remote FTP server is not attempted a second time. The file names will be something like Records-2011-05-09. The files will be generated by MySQL every hour.


Ubuntu Servers :: Put A Few Login Restrictions In Place?

Jun 3, 2010

I've got Ubuntu server 10.04 set up and I wanted to make a few restrictions. It's pretty much just acting as a VMware server at the moment, and there are some users I've created who I only want to be able to log into the VMware infrastructure web interface. I want to make sure these users can't log in via SSH, FTP, or the console itself. I understand how to block them from logging in via SSH by using DenyUsers, and I added these users to the /etc/ftpusers file to lock them out of FTP, but how can I block them from logging in at the console itself?

I tried locking the user out by editing the /etc/passwd file, but the problem is that by doing this, it also prevents the user from being able to log into the VMware web interface.

The user's entry in /etc/passwd looks like this: bsmith:*:1005:1005:Bob Smith,,,:/home/bsmith:/bin/bash


Fedora Security :: Get The SELINUX Authors To Consider Re-labeling Files When They Are Moved From One Place To Another?

Feb 17, 2010

I have a Fedora 12 box with a fresh install. I use ktorrent to download something, eg a series, into my home folder. Now, as root, I move (not copy) the folder with the downloaded files to /var/www/html/bob so that when someone opens http://myserver/bob/ they see the list of folders and files I have placed there. I also chmod the whole folder to 755 and chown to root.root. The folder I have just moved there is not displayed. So to work around it (before I realised it was SELINUX) I created a new folder. Now the folder is visible. Good. So now I move the files into the new folder and delete the old one. The files are displayed ... good. But wait, there's more: you cannot access (download) the files, even though they are visible.

1. How do I VIEW what context is assigned to these files?

2. How do I correct the context so that http server can allow people to access them?

3. How do we get the SELINUX authors to consider re-labeling files when they are moved from one place to another so as not to cause this fault?


Fedora Installation :: F13 To F14 No Shell At Login / After Upgrading Can't Login On User?

Jun 3, 2011

Yesterday I updated my Fedora 13 to Fedora 14 (on laptop) and today I cannot log in on user. It just goes blank for a sec and is back to login.

At text console (alt+ctr+f2/f3) I enter my username and pass; it gives this for a sec and resets (cleans) the console:
username: Name
password:
last used: [date]
login: no shell permission denied

I used unetbootin (Fedora 14 netinstall to update) and later I updated 1,5G before reboot (did update that fix, forgot its name tho :s)

I would most likely reinstall everything, but I have some work on the laptop and as the deadline is near, I would prefer to fix it if possible.

edited:
I have installed F13 on unused space; is there a way for me to access and fix it? Or at least get some files from there?


Security :: Write A Shell Script Setup Security Policies?

Feb 3, 2010

Is there a way to delete files on the commandline that uses the KDE-Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneously deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)


General :: Difference Between Login And Non Login Shell?

Feb 17, 2010

Difference between login and non login shell. What does it mean by user environment?


Ubuntu Security :: Login Panel Is Worse From Security View Point

Jan 19, 2010

Ubuntu 9.10 login panel is worse with respect to Ubuntu 8 since now all the users with names are shown without a way to hide them! Why not keep the old way at least as an option?


Ubuntu :: How To Install The Tripwire

Jul 2, 2010

I'm trying to install Tripwire, but every time I run the apt-get command, I receive an error.

How do I fix this and get Tripwire installed?

EDIT: I'm getting the same error trying to install updates. I've never seen this error before and am not sure what could be causing this.


Red Hat :: How To Copy Tripwire From Rh9 Install

May 17, 2010

Can someone please tell me how to copy tripwire from my rh9 install and transfer it to Fedora Core 5?


Ubuntu Security :: Updated Browsers Using Update Manager Have Lost Security Login Pages For Web Mail?

Mar 3, 2011

I updated both browsers I have and lost my secure log-in pages (no padlocks showing) concerning different Web mail accounts. Just before I did these updates I checked an unrelated thing on-line regarding my sound card, of which I kept a copy, and got this message below:

!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM

[code]....


Ubuntu Security :: Bad Login Protocols - Graphical Login For Gnome Sizes Itself To Accommodate A User's Exact Password Length

Dec 14, 2010

I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.

And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allow the gui to expand itself from a fixed size as the field is filled out so that the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number entered by multiplying from a 10base graphical observation.


Ubuntu Security :: Startup Login Screen Security?

Aug 27, 2010

Just migrated to Lucid from Jaunty and noticed that the login startup screen looks more like windoze (shows all authorized users). One of the endearing security checks with Unix was that if you had access to a console you had to guess both userid AND password - the system wouldn't tell you which was wrong. I feel that we have lowered security by making the list of authorized users visible on a console. Is there any way to turn it off and force users to enter both userid and password?


Ubuntu Security :: Security E-mails At Root Login?

Sep 8, 2010

Whenever I login as root, an e-mail with the subject "Security information" is sent out. Where is the e-mail address for this message configured? I need to change it (or perhaps disable it).


Software :: Excluding Directories And Files In Tripwire?

Jul 12, 2010

I have tripwire 2.4.1 up and running on one of our servers, and I am now in the process of configuring it to exclude some files and/or directories that are known to change periodically between integrity checks.

I did some reading on the subject, and one file that came up was the tw.config file. However, when I did a search for the file, there was no instance of it on the server. My next thought was to modify the tw.pol file, and I did try to list some files to be excluded. However, when I tried to update the policy, I got an error message which indicated the syntax that I entered within the tw.pol file was incorrect.

If the tw.config file does not exist, can I create it, and modify the tw.pol file to indicate where the file is located on the server?


Software :: Tripwire Reports Huge In Size / Reduce / Prune Them?

Jan 21, 2009

I have been asked to investigate some of our servers that run tripwire 2.3.0 on Red Hat Linux Advanced Server release 2.1AS (Pensacola)

We have the reports emailed to us using cron and twprint -m r -r report -t 4. It has been growing steadily and today it was 9mb. It seems the database records go back to before 2004 and are being compared against today's files.

I really need to be informed what needs to be done to tripwire to keep it serviced through cron. I have tried to google this but could not find any information that seemed to answer my questions.

Looking at the following guide url step 6 talks about "Updating the Database after an Integrity Check" using

Code:
# tripwire --update --twrfile /var/lib/tripwire/report/<name>.twr

Should I be using this command or should I be re-creating the db every month or so and using the #tripwire -init?

Extract from report -

Quote:

-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------

Rule Name              Severity Level  Added  Removed  Modified
---------              --------------  -----  -------  --------
Invariant Directories  66              0      0        0
code....

I need to understand how to change the expected to the observed so the db will be up to date.

I would also like some of the rules explained: What do removed and added mean? Is it removed as it has not changed and added if it finds a new one that has?

Code:

-------------------------------------------------------------------------------
Rule Name: System boot changes (/lib/modules)
Severity Level: 100
-------------------------------------------------------------------------------
----------------------------------------
Added Objects: 3075
----------------------------------------
code....


Red Hat :: Rhel 4.8 - Nc: Connecting - Cannot Get The Tripwire Server To Talk To The Agent On The Red Hat Machine

Dec 7, 2010

I have tripwire enterprise (not open source) agent running on one of my rhel4.8 web servers (I have actually tried with two servers with same results). The agent is a simple install rpm bin file and appears to be running as it should and the server for tripwire enterprise is set up accordingly. A windows tripwire enterprise agent is also on a windows machine that works perfectly well. But I cannot seem to get the tripwire server to talk to the agent on the red hat machine.

I can connect to port 9898 on the server, but the agent who also talks over the same port doesn't appear to be responding to the server on this port. There are no iptables set up to block the requests, there is no firewall set up (disabled). Network team can see the packet requests being sent over the routers fine... So can't see why there would be a problem. So I reverted to the use of net cat.

nc -l 9898 (on the agent machine)
telnet <agent> 9898

But I get connection refused. Is there anything I could be missing here? Redhat is not my Linux of preference and it may be something obvious!


Ubuntu :: What Is 'login Shell'?

Jul 27, 2010

what is "login shell" and what is the difference between "login shell" and just "shell"?


Debian :: What Would Optimal .config For EEE PC Look Like?

May 30, 2011

I installed this package (Squeeze) and the man page for laptop-mode.conf is rather overwhelming in the amount of information it provides, as is the .conf itself; does anyone know if simply installing laptop-mode-tools has an effect on power consumption? In other words, does the default .config save power? Or do I have to alter the .config? If so what would an optimal .config for an EEE PC look like?


General :: How To Fix A Crashing Login Shell

May 20, 2009

Hello. I am using Opensuse 11.1 (just installed), gnome-based. My problem is, I can only login as root, cos the tty's attached to my normal user (non-privileged) keep crashing (I checked this with last). Is there any way I can fix this? I reinstalled several times, nothing to do.


General :: How To Login As Root In Shell

Jul 20, 2010

How to login as root in linux shell?


General :: How To Change Shell Without Login

Jul 26, 2011

I work with a text mode debian6.0 and when I was testing some commands, I changed the default shell to ash. The system replied that it does not have the ash shell, so I thought the shell did not change. But when I start the system again and enter the root password, I see a message like "can not execute ash. No such file or directory" and then the system returns to the login page again. Root is the only user on that system.


Software :: Boot To A Login Shell Instead Of Gui?

Aug 26, 2009

We have a centos machine which serves as a web server. We also have a mysql server running on it. Currently we log in via a gui prompt into a gui session. We are looking at changing this aspect; we want to login via the shell instead of gui. We'd need to keep all the current services on that machine running however. What should we do? Even once this is done I'd need to know how to start a gui session from the shell itself.








Copyrights 2005-15 www.BigResource.com, All rights reserved