Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


I'll need a shell script that scans through the creation dates of all patches (ideally only the security ones, but
if this is not possible, then all patches) installed on an RHEL 7 server, gets the latest one, computes
the difference from today's date, gives the difference in number of days, and if the difference is
more than 90 days, echoes out a message: "It has been more than 90 days since the last patch."

The purpose is to check the last patch date and remind Linux admins. I believe RHEL releases patches
at least every 3 months?
0
Hi,

On the Unix box there are various users like xyz, abc, etc.

It looks like disk space is running out on the server and I need to clean up.

How do I know how much space user xyz is occupying and how much user abc is occupying? Please advise.
0
I have a few questions about where the drop policy is applied.

1. Which one applies the drop rule first?
2. iptables and nftables are user-space appliances, but I do not know them deeper: do they work in kernel space and pipe the requests from user space, or do they work completely after kernel space?
3. Is there any possibility to drop a packet before any kernel-space module? I tried with netfilter and dropped an IP xx.xx.xx.xx, and I realized that tcpdump still reads the traffic but iptables does not. So the traffic is still passing into kernel space on netfilter.
0
I am in a particular folder, say abc.

I did ls -ltr, where there are a bunch of files.

I want to search all the files starting with the file name xyz alone, ignoring others starting with pqr etc. (ignore pqr000.log.20170806.gz etc.).
My search should give results like

xyz123.log.20170806.gz
xyz456.log.20170806.gz
xyz789.log.20170806.gz etc.

What is the command I have to use for that?

Is it grep or find or something else?

When I gave grep xyz.* it did not give any result.

How is searching inside a file's content different from searching Unix file names?

Any good link on these commands? Please advise.
0
I haven't worked on SUSE for a long time. Can someone explain to me the process of patching in SUSE? I want to update the bash package.

I need some steps as well. I would appreciate it.

I want to cover this

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
0
Hi,

In Unix using vi, how do I copy and paste from one file, say abc.ccfg, to xyz.ccfg?

In Windows I simply select all on abc.ccfg, then Control-C, then go to xyz.ccfg and press Control-V.

That's all I have to do.

The vi editor is something I hate.

Not at all user friendly.

Even moving the cursor is a big thing there.

Any good shortcuts and tips, links on using vi?
0
When I cannot stop the WebLogic server, my friend gave me the commands below:

ps -ef | grep ggg3rrr

What does the above command give as a result?
kill -9 43856
What is -9 and what is 43856 in the above kill command?

Please advise
0
Hi,

I have xyz.ccfg under my WebLogic server.

I logged in to the Unix WebLogic server box.
How do I search for the above file name 'xyz.ccfg' to find its exact location, like

abc/home/user1/......

I am not sure exactly where it is.

Please advise
0
I am running a proFTPD server on my system. When I use the FileZilla FTP client I get the following error when I try to access the files on my server. What is causing this error? See the attached file for an exact screenshot of the issue.
ftpd-error-message.PNG
0
The issue is as follows. I am running a CentOS 7 server with a PHP Plesk Panel 12.5 running my subscribers and their sites. I just recently installed the iPad site builder module and the site builder module to test each as a potential site-building solution for my clients. Well, after I installed both, I was forwarded to a third-party website where the actual website is created for each client. Well, after the site is created, on their site I have the option to publish it to a domain on my server. At 50% install I get the following error: fsockopen failed No route to host (113). Now this same thing happens when I use the site builder module as well. I am running proFTPD on the system, so I do have an FTP server running. What I need to find out is how to resolve this issue. I am sending you a screenshot of us running FileZilla as FTP on port 21, where I get the following error. I know this is a minor issue; I just need help narrowing down the cause or misconfiguration.

My firewall and router are open for port 21.
ftpd-error-message.PNG
0
I have installed Apache SVN on Ubuntu 16, in which I am trying to put access-based restrictions on different paths via AuthzSVNAccessFile for the /svn/net location.
Here I am facing an issue: for [/], the groups are getting restricted, but apart from this location no path is getting restricted, in spite of trying multiple combinations in the access file.

server.conf
<Location /svn>
  DAV svn
  SVNParentPath /svn/repos/
  AuthzSVNAccessFile /etc/svn_serve.conf
  AuthType Basic
  AuthName "MITS"
  AuthUserFile /etc/svnpasswd
  Require valid-user
</Location>

Access file

[groups]
admins=svnnet
designers=designer1
[/]
@admins=r
[/svn/net]
@designers=r
@admins=rw
0
The error I get when I use port 21
I have this FTP daemon installed on my server for FTP access: psa-proftpd 1.3.5b-cos7.build1205160427.18. I am running CentOS 7 with a Plesk 12.5 control panel. Each time I try to access port 21 with a valid user name and password I get an error. I have a screenshot of the error as an attachment to this question. I have never set up the ftpd daemon; it was installed when Plesk was installed. I need help understanding whether I need to make some manual changes to the config file of this daemon. I have firewalld and a router running, and both allow port 21 access from the real world. What can be the problem here? Please help. I even checked to see if the port is open from the web, and it is. I am sure this issue is not hard; I am just a bit stuck at this point.
0
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
**********************************************************************
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
**********************************************************************

--> Running transaction check
---> Package R-core-devel.x86_64 0:3.4.0-2.el6 will be an update
--> Processing Dependency: libicu-devel for package: R-core-devel-3.4.0-2.el6.x86_64
---> Package kernel.x86_64 0:2.6.32-642.11.1.el6 will be erased
--> Finished Dependency Resolution
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
 You could try using --skip-broken to work around the problem
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
tomcat6-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
0
Hi Experts,

I am trying to install CentOS 6.8 minimal through kickstart on a virtual machine (VMware Workstation), assigning the kickstart file through HTTP on another VM. Kickstart goes through smoothly, creates partitions and all, but gets stuck on the repo section, unable to find the repo, with the following types of errors (errors attached).

I have been stuck with this error for a few days. Please help.

The /var/www/html location has the ks.cfg file and all the CentOS 6.8 minimal DVD content as it is.

[root@srv1 html]# ls
CentOS_BuildTag  isolinux                  RPM-GPG-KEY-CentOS-6
EFI              ks.cfg                    RPM-GPG-KEY-CentOS-Debug-6
EULA             Packages                  RPM-GPG-KEY-CentOS-Security-6
GPL              RELEASE-NOTES-en-US.html  RPM-GPG-KEY-CentOS-Testing-6
images           repodata                  TRANS.TBL

The section of the kickstart file I am assigning is shown below:
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
url --url=http://10.0.0.11/
text
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --mtu=1496 --bootproto static --ip 10.91.48.17 --netmask 255.255.255.224 --gateway 10.91.48.1 --noipv6 --nameserver 8.8.8.8 --hostname nac17
network --onboot no --device eth1 --bootproto dhcp --noipv6 --hostname nac17
rootpw  --iscrypted 
# Reboot after installation
reboot --eject
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Asia/Kolkata
#bootloader 

0
I have 300 Ubuntu 14 PCs on which I block all internet except a whitelist. I do this by disabling DNS, having the central server do DNS lookups for everything on the whitelist and put it in a hosts file, and having all the hosts use that. Obviously, this is a bit hacky, but it worked.

The problem now: I have a need to whitelist *.slack.com. Slack says subdomains change too much; they can't provide a static list, or even a current list and then let me update it.

So I guess I need to enable DNS - what might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines. (they check in with central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...

If it's not too hard I could set up an ubuntu machine to be a dns server.

Basically what I want is whatever is easiest so that I can just provide a whitelist, which is allowed to have wildcards like *.slack.com, and block everything else. I suppose it doesn't actually have to be a DNS-based block if there is some client app.

Whatever it is, I am OK to set up a server myself - but the clients, it needs to be scriptable install/config.

I want to be able to update the whitelist easily/quickly.

Any ideas/suggestions?
0
I have a Linux application account and would like to restrict the user from logging in directly. I want this account to be under sudoers: users can log in and sudo into this account. How do I do that in Linux?
0
John Experts,

I am running John on Kali.
I have NTLMv2 hashes in a file called hash.txt under /tmp.
I just want to use the default word list.

I know all my passwords are a minimum of 10 characters and a maximum of 14 characters.
I know there will be only one digit within 0-9.

Given the above, what do I edit within john.conf to reflect this?
0
How do I disable any 96-bit HMAC algorithms in CentOS?
0
Hi,

I am working on a Tenable Nessus audit file for IBM AIX.

What I am trying to achieve is 2 compliance checks on the /etc/hosts.equiv file:

1. To find all UIDs less than 100 and not equal to the default system user IDs (0,1,2,3,4,5)

2. To find all GIDs less than 100 and not equal to the default system group IDs (0,1,2,3,4,5)

<custom_item>
type: CMD_EXEC
description: "UID less than 100 and not system default UID"
cmd: ""
expect: ""
</custom_item>

<custom_item>
type: CMD_EXEC
description: "GID less than 100 and not system default GID"
cmd: ""
expect: ""
</custom_item>

I am really new to working with Tenable and also new to AIX.

I would really appreciate it if anyone could help me out with what I should put in the cmd and expect statements to make the compliance check work.

Thanks, I really appreciate it!

Link: https://www.ibm.com/support/knowledgecenter/ssw_aix_71/com.ibm.aix.security/passwords_etc_passwd_file.htm
0
We need to have a standalone IPS solution put in. We currently run two pfSense firewalls in an HA setup. I was looking around on eBay and saw a TippingPoint 210E (two of them). Are they still good with updates to definitions? Any other lower-cost recommendations?
pfSense HA works a little oddly too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0
Short question that requires a lengthy answer.... For security reasons, should we host our website on a Linux box or on Windows? Ultimately it will have to share data with our MS SQL server. Also looking for a reasonably priced but excellent web developer.... (do those go hand-in-hand?)

Mich
0
Hello Folks,
I have a few users to create for CentOS, and I would like to set them up with restrictions such as "system tools, create shortcuts, folders... similar to a kiosk". Is there any way to do that, or is there a special profile that needs to be created?

Thanks for looking
0
I need to connect a virtual machine hosted somewhere, running CentOS 6, to a client which is allowing connection through VPN only. However, I have almost no knowledge about VPNs. The client has given me the following info for the connection:

VPN Remote Endpoint: <IP Address given by the client>
VPN Hardware: NGX R75.45 (SPLAT)

IKE (Phase 1)
==================
Authentication Method: Pre shared key (TBA)
Diffie-Hellman group: DH-2
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 14400 seconds

IPSEC (phase 2)
======================
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 3600 seconds
PFS Enabled: Yes

I am not sure where to put all this info in CentOS to make it connect to the client's network.

I will be very thankful for any help.
0
Hi,
What are the differences between
user-defined, environment, local and global variables?

When to use which one? What are the advantages and disadvantages of using each, with practical examples?
Please advise
0
Hi,

I would like to write a Unix shell script to check the calendar year, date and current working directory.

How do I write and save a .sh file (say test.sh), and how do I execute it to see the output?

Any detailed link explaining these steps with screenshots? Please advise
0