Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

Ubuntu Linux 18.04.1

I need to know what is the best recommended Anti-Virus and Malware protection I can install on my Linux machine.
Please include: Free, Less Expensive, and the Best (no matter what the price), so I can make my decision.
Fundamentals of JavaScript
LVL 12
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

Hi ...
I was wondering if anyone knows how to change default icons for a new user in Slitaz.
By default, trash icon and Document icon get added to desktop when a new user logs in for the first time.
I am trying to change it only to Terminal.
Thank you for your Quick Prompts.
zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
above grep printing all the columns successfully satisfying abov condition of


Now i need to filter above query based on the state like Florida which is printing in 23rd column i.e $23

zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$23=FLORIDA {print}'

above query not working

how to check String equality in AWK

Please advise
What's the best way to monitor for UDP syslog traffic coming in from a redhat 4 and redhat 5 syslog clients if it's not arriving at the syslog server. The syslog server is running on a Redhat 6 server. netstat -taulpe | grep syslog is showing that UDP is listening on all IP's on the server but I'd like to see if there is any other way apart from running  tcpdump -i <nic> port 514. Would watch lsof -a -i:514 show it?
I'll need to monitor several "privilege escalation related" Solaris 10 & RHEL6 files using
ACLs (Access Ctrl Lists) :

a) /etc/group, /etc/sudoers, /etc/cron.daily (or .weekly or any crons owned by root):
    ACL to send to syslog (so that we can pipe to SIEM) when permissions, ownership
    or contents of the above files are changed

b)visudo, sudo, usermod, useradd    command binary files :
   when these are being executed/run, ACL to send to syslog (who & when it's being

Appreciate an exact  setacl (or the actual commands/settings in RHEL6 & Solaris 10
x86  samples
Need to harden a Solaris 10 that is connecting to Internet  from DMZ.

Anyone has a Solaris 10 hardening script that once run will harden for
a) Level 2 Profile
b) "Scored"

The attached which I got from GitHub doesn't seem quite fit to what's needed
& with all the "printf ...", it's more of listing out than actually doing hardening.

From CIS benchmark:

Scoring Information
A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. The following scoring statuses are used in this benchmark:
Scored  <==
Failure to comply with "Scored" recommendations will decrease the final benchmark score. Compliance with "Scored" recommendations will increase the final benchmark score.
Not Scored
Failure to comply with "Not Scored" recommendations will not decrease the final benchmark score. Compliance with "Not Scored" recommendations will not increase the final benchmark score.


 Level 1
Items in this profile intend to:
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
 Level 2  <==
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
o are intended for environments or use cases where security is paramount
o acts as defense in depth measure
o may negatively inhibit the utility or performance of the …
xhost executing successfully for the user who has the direct login access to the OS.

when I swtich to the other user (su) and which doesn't have the direct login access to OS, could not run the xhost command.

Kindly advice, how to achieve the same.

Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 )

what does  IBM MQ and IBM MQ Appliance MQOPEN call means?
does it mean client side or server side?
CVE-2017-1283  - How to fix this?
The 7 Worst Nightmares of a Sysadmin
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

If my rsyslog.conf is configured to write *.info *.warn *.kern and some others to /var/log/messages is there any way to identify the local6 *.info messages apart from the *kern and *.warn and others in  /var/log/messages? I've noticed sometimes that the messages contain kern and warn but not just sure what *.info are and if there's an easy way to identify them
I'd rather not have to configure /etc/rsyslog.conf to have another log file for just *.info if it can be avoided. If there's no other way then I might just have to do it but I'm curious what the local 6 information messages actually are.
I have several linux systems. Normally I login on them with my account, and after I login i execute sudo -s, so I can get admin privileges.
Sometimes I need to edit some files or copy some files out of the linux systems and in the past I ofter used the winscp program.
Unfortunately when I login with winscp with my account I don't have admin privileges, and thus I am not able to open and edit needed files, I am not able to copy files out of the system. Can you tell me how to login with winscp with admin privileges
I am sysadmin..I want to know

I want to reach the server, to check the connectivity thru specific port.
This is just to varify whether the required firewall rule defined properly or not.
Consider the below scenario

userPC---- firewall --- Destination-server

I have installed some software on the server, the service  of that software is using port # 301.

1) Scenario...
      Firewall defined
      server#  service UP
        userPC# telnet 301  --> user get reply

      Firewall defined
      server# service DOWN

is there any command/3rdparty-tools available to just varify, pockets from userPC able to reach on the server through port#301

This I asked just to segregate if there any issue, problem from firewall side (or) destination server side.
awk query
 unzip -c  xyz.log.20180905.gz| awk '$0>= "2013-Sep-09 18:33" && $0 <="2013-Sep-09 23:15"'| grep '|[1-9][0-9][0-9][0-9][0-9]|0000'|wc -l
Zip file too big (greater than 4294959102 bytes)
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
how to learn awk any good video tutorials on it?
please advise
I need to upgrade fail2ban 0.8.14 to 0.10.3.  I am on a Linux 2 server which prevents me from loading any repositories or using Yum to install it.

So, I need to know the steps to get my fail2ban upgraded.  

Fail2ban stopped working.  I have scoured the log files and no errors.  It was working and it seems since my last Yum update for security it quit working.  I can do fail2ban-client status and it shows 7 jails.  I can look in the iptables and it shows the jails.  However, when I run fail2ban-regex it shows many hits but none are getting blocked by the iptables.  The iptables are on.

This is 0.8.14 and I am on a Linux 2 Amazon Ami with PHP 7 and Python 2.7.14.

When it was working  it had over 221 ips banned just in one jail.

Please help me get this going.  The bots overrun my system if it isn't in place.
We have implemented a new ERP system and are using seven Datalogic portable data terminals logging in to a Linux VM using telnet connections over WiFi. The problem I am facing is we only have seven licenses for our handheld units and at times a unit will lose connection and the user has to log back into their telnet session, however their old shell on the VM is orphaned and we cannot log in due to the license restrictions. I have set the units up so I can identify each unit by userid so I can kill the duplicate sessions but it happens enough that managing it this way is not practical as a long term solution.

I know just enough Linux to be dangerous but not enough to accomplish what I would like to do which is when a user HH1 or HH2 or HH3 logs in I would like to kill any existing shells for the user so each handheld is a one to one between the physical unit and the shell on the VM.

Any ideas on how to do this. We use TelNetCE on the units and just telnet and the users have a simple green screen, character based menu driven system.

Hi I am looking to do Pester test around my powershell code...but not sure about it ...can some help.

Bascially I need to pull Azurekeyvaultkey information using powershell and then do a pester test to do it, I managed to do poweshell bit but not sure how to do pester part....please I need help urgently.
JavaScript Best Practices
LVL 12
JavaScript Best Practices

Save hours in development time and avoid common mistakes by learning the best practices to use for JavaScript.

In ubuntu 16:
it's added a wrong file in /etc/sudores.d/ folder.
I can't do sudo form any user. I can't do any thing.
How can I remove this file from folder sudores.d.
can I remove file if I login in as recover mode?


I'm running CentOS Linux release 7.4.1708 (Core), issue is i'm able to login using local users but not using ldap users, please help me on this.

I've tried restarting services using authconfig-tui command, but still i'm getting authentication failure error for ldap user.

please see the attached doc (ldap issue.docx), and below output commands and let me know if any other details are required.

[root@server01 log]# cat /etc/openldap/ldap.conf
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
[root@server01 log]# getent passwd testuser
[root@server01 log]#

[hubba@servder01 ~]$ su - testuser
su: Authentication failure

[root@server01 log]# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …

Now our MySQL cluster test platform do not have internet connection and we need to setup local repository for it.

I check out a lot of googled page and it seems no one exactly match what I am going to install, let see what I go from latest MySQL cluster 7.6.6 binary:

rpm files list.
so for management node, which rpm I should install and what is the command for it? just yum --noplugin localinstall <rpm name> ?

For data node, which rpm I should install?

For SQL  node, which rpm I should install ?
I have installed fail2ban on an Amazon Linux 2 instance running Apache 2.4.  I can't start it up because I am using postfix and the default mta is sendmail.  I don't have sendmail installed and I don't want it.

I use google apps for my smtp server.

How can I change over to postfix or use google apps for my fail2ban mail option?

I am on an Amazon Linux 2 AMI running Apache 2 and I need a software solution for security.  I have been told mod_security isn't a good choice.  So does anyone have experience with the AWS Waf?  If so, what rules are you using?

Or, do you have another idea altogether?

On my previous instance I used fail2ban but I found the bots could outsmart fail2ban so hopefully someone will have a better choice.

Let me clarify my biggest  problems are postfix issues, stopping ddos, bots running up and down my site stealing bandwidth, clicking on every link and having numerous disk i/o's which I have to pay for.

By the way, I am not interested in using another AMI due to the complexity of my existing AMI.
Dear Experts

When we enable encryption in windows 10 systems it encrypts when we store documents, what exactly happens here as we take the stored files from the encrypted  and transfer it via email or copy to USB or share it in network drive all those other side people who have access can open and read or modify based on permissions does it mean it is not file level encryption I mean whoever know the system password files are accessible if someone wants to crack the harddisk then the file formats stored is not as per the document extension like .docs, or .exls please help me to understand this.

2. what does it mean server side encryption like next cloud deployment says we can enable server side encryption how is it different from ssl enablement that is user accessing through https,
please help me understand above two , thank you very much in advance.

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.