Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

The error i get when i use port 21The error i get when i use port 21The error i get when i use port 21I have  this ftp dameon installed on my server for ftp access : psa-proftpd      1.3.5b-cos7.build1205160427.18. I am running centos 7 with a plesk 12.5 control panel. Each time i try to access port 21 with a valid user name and password i get an error. I have a screenshot of the area as an attachment to this question. I have never setup the ftpd dameon, it was installed when plesk was installed. I need help on understanding, do i need to do some manual changes to the config file of this dameon. I have firewalld and a router running, and both allow port 21 access to the real world. What can be the problem here, please help. I even check to see if the port is open from the web and it is. I am sure this issue is not hard, i just am a bit stuck at this point.
Free Tool: ZipGrep
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf

--> Running transaction check
---> Package R-core-devel.x86_64 0:3.4.0-2.el6 will be an update
--> Processing Dependency: libicu-devel for package: R-core-devel-3.4.0-2.el6.x86_64
---> Package kernel.x86_64 0:2.6.32-642.11.1.el6 will be erased
--> Finished Dependency Resolution
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
 You could try using --skip-broken to work around the problem
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
tomcat6-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
Hi Experts

I am trying install CentOS 6.8 minimal thru kick start on an Virtual Machine(VMware workstation) and assigning kickstart file thru http on another VM, kickstarts goes thru smoothly creates partitions and all but stuck on repo section unable to find repo following types of error, errors attached

Stuck with this error from few days, Please help

In /var/www/html location has ks.cfg file and all centos 6.8 minimal dvd content as it is

[root@srv1 html]# ls
CentOS_BuildTag  isolinux                  RPM-GPG-KEY-CentOS-6
EFI              ks.cfg                    RPM-GPG-KEY-CentOS-Debug-6
EULA             Packages                  RPM-GPG-KEY-CentOS-Security-6
GPL              RELEASE-NOTES-en-US.html  RPM-GPG-KEY-CentOS-Testing-6
images           repodata                  TRANS.TBL

Open in new window

Section of kickstart file i am assign is shown below
# Kickstart file automatically generated by anaconda.

url --url=
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --mtu=1496 --bootproto static --ip --netmask --gateway --noipv6 --nameserver --hostname nac17
network --onboot no --device eth1 --bootproto dhcp --noipv6 --hostname nac17
rootpw  --iscrypted 
# Reboot after installation
reboot --eject
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Asia/Kolkata

Open in new window

I have 300 Ubuntu 14 PC's that I block all internet except a whitelist - I do this by disabling dns, and have the central server do dns lookups for everything on whitelist and put it in a hosts file and have all the hosts use that. Obviously, this is a bit hacky but it worked.

The problem now - I have a need to whitelist * Slack says subdomains change too much, they cant provide a static list, or even a current list and then let me update it.

So I guess I need to enable DNS - what might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines. (they check in with central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...

If it's not too hard I could set up an ubuntu machine to be a dns server.

Basically what I want is whatever is easiest so that I can just provide a whiltelist, that is allowed to have wild cards like * and block everything else. I suppose it doesn't actually have to be a DNS based block if there is some client app.

Whatever it is, I am OK to set up a server myself - but the clients, it needs to be scriptable install/config.

I want to be able to update the whitelist easily/quickly.

Any ideas/suggestions?
I have linux application account and  would like to restrict the user to login directly. I want this account to be under sudoers. users can login and sudo into this account. How do i do that in linux?
John Experts,

I am running John on Kali.
I have ntlmv2 hashes in a file called hash.txt under /tmp
I just want to just the default word list

I know all my passwords are min 10 characters and max 14 characters
I know there will only be one digit within 0-9

Given the above, what do I edit within john.conf to reflect this?
How to disable disable any 96-bit hmac algorithms in centos

I am working on a tenable nessus audit file for ibm aix.

What i am trying to achieve is 2 compliance check on the /etc/hosts.equiv file:

1. To find all UID less that 100 and UID not equals to the default system user ids (0,1,2,3,4,5)

2. To find all GID less that 100 and GID not equals to the default system group ids (0,1,2,3,4,5)

type: CMD_EXEC
description: "UID less than 100 and not system default UID"
cmd: ""
expect: ""

type: CMD_EXEC
description: "GID less than 100 and not system default GID"
cmd: ""
expect: ""

I am really new to working with tenable and also new to aix.

Really apperciate if anyone can help me out with what i should put for the cmd and expect statement on how to make the compliance check work.

Thanks really apperciate it!

We need to have a standalone IPS solution put in.  We currently run two pfSense firewalls in an HA setup.  I was looking around on eBay and saw a Tipping Point 210E (two of them).  Are they still good with updates to definitions?  Any other less cost recommendations?
pfSense HA works a little odd too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
Short question that requires a lengthy answer....   For security reasons -- Should we host our website on a linux box or Windows?    Ultimately it will have to share data with our MS SQL server.   Also looking for someone reasonably priced but excellent web developer.... (do those go hand-in-hand?)

What, When and Where - Security Threats from Q1
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Hello Folks,
I have a few users to create for centos, and I would like to set them with restrictions such "system tools, create shortcuts, folders...similar to a kiosk " is there any way to do that or is there a special profile that needs to be created?

thanks for looking
I need to connect a Virtual Machine hosted somewhere running CentOS 6 to a client which is allowing connection through VPN only. However I have almost no knowledge about VPNs. The client has given me following info for connection:

VPN Remote Endpoint: <IP Address given by the client>
VPN Hardware: NGX R75.45 (SPLAT)

IKE (Phase 1)
Authentication Method: Pre shared key (TBA)
DIffie-Hellman group: DH-2
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 14400 seconds

IPSEC (phase 2)
Encryption Algorithm: AES-128
Hashing Algorithm: SHA-1
Renegotiate IKE: 3600 seconds
PFS Enabled: Yes

I am not sure where to put all these info in CentOS to make it to connect to the client's network.

I will be much thankful for any help.
what are differences between
user defined, environmental. local, global variables

when to use which one. what are advanatages, disadvantages of using each with practical examples.
please advise

I like to write a unix shell script to check calendar year, date, current working directory.

how to write and shave .sh file(Say and how to execute to see the output.

Any detailed link explaining these steps with screenshots. please advise
What are differences between
touch cat vi differences

which one is better to use to create a file. When to use which one. please advise

I like to delete matched pattern in a file using vi editor and sed command

i tried as below not working

$ sed 'hello' aaaa.txt :%

please advise

I'm using Alienvault Ossim v. 5.3.79 together with ossec v. 2.8.

I'm trying to extend the following rules:
1002 - Unknown error somewhere in the system - bad words;
1003 - Non standard system message (size too large).

As these two rules give me a lot of false positive alerts, I've prepared custom rules in the local_rules.xml:
Original rules (syslog_rules.xml):

<rule id="1002" level="2">
    <description>Unknown problem somewhere in the system.</description>

  <rule id="1003" level="13" maxsize="1025">
    <description>Non standard syslog message (size too large).</description>

Open in new window

Custom rules (local_rules.xml):

<rule id="100002" level="0">
    <match>Sequence Errors: 0, Bad Packets: 0</match>
    <description>False positive</description>

  <rule id="100003" level="0">
    <description>Ignoring 1003 from specified host</description>

Open in new window

Unfortunately looks like above custom rules are ignored when I'm trying to use ossec-logtest:
For 1003:
echo "Apr 27 11:10:04 host1 user1[21565]: ./ - Lorem ipsum dolor sit amet libero et lacus vestibulum vel, nibh. Fusce nonummy risus sit amet quam tempus vehicula, dui tellus, at lorem odio adipiscing at, egestas non, nulla. Maecenas in nulla quis 

Open in new window

Dear All,

We have created a chrooted jail environment for our SFTP access. Using chrooted environment, we restrict users either to their home directory or to a specific directory. Now my question is if there's anyway we can an additional username to access the same home directory for other username? Or any other words, is there anyway I can assign different usernames to the same home-directory and have it chrooted jail?

Below is our current config if that helps:

group add sftponly

vi /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

systemctl restart sshd.service

useradd USERNAME –g sftponly –s /bin/false
passwd  USERNAME

chown root /home/USERNAME
chmod 755 /home/USERNAME
chmod 755 /home/USERNAME/SFTPWRITE

setsebool –P ssh_chroot_rw_homedirs on
I am conducting a penetration test against a fake Apache Tomcat server.  I have exploited the vulnerability in Metasploit and was able to open a Meterpreter session.  Some of my commands work with Meterpreter; however, commands such as "run hashdump" and "getsystem" return an error of this version of Meterpreter is not supported with this script.  I am running a virtual environment of Metasploit v4.10.0.  Is there any other script that can be used to complete this hashdump? Below is the exploit and payload that I used to open meterpreter:
use exploit/multi/http/tomcat_mgr_upload
set payload java/meterpreter/reverse_http

I have tried all other payloads that are are shown from the "show payloads" command.
Are You Headed to Black Hat USA 2017?
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today -

Dear Colleagues,

I have a problem with executing SU command in Ubuntu 16.04.02. LTS.
The output is « -bash: /bin/su: Permission denied » (see attached screenshot).

Plz suggest something to overcome this issue.
Hi All,

Getting the above following message in my auth.log on my server from the above ip and many others ... what does this mean?

It is some type of Linux honey pot program. I was given a fife,, that is supposed to set the program up to to end to a SIEM to gather information on my internal network. Supposed to be installed on Linux Mint Mate 18. Classified as a "Low-Interaction" HoneyPot.

I have not been able to locate the installer or information more that I have given. Any help would be appreciated.
I want firefox to not erase cookies on browser close. I want to set this via a script. Below are gui based instructions for the goal settings.

Anyone know how to do this?



At the top of the Firefox window, click the Firefox button and then select Options
Select the Privacy panel
In the History section, set Firefox will: to Use custom settings for history
Select the check box for Clear history when Firefox closes
click the Settings… button. The Settings for Clearing History window will open
In the Settings for Clearing History window, click the check mark box next to Cache.
Click OK
On RH 6 systems running rsyslog 5.8.10 we noticed that if we setup a
client system to use TCP to log to a remote server:
*.*       @@

Open in new window

If the remote log server is not reachable for some reason no logging takes place, not even local logging to the local system log files.
When the log server is available and rsyslog is restarted  both local logging and remote logging work.   I would like to come up with a config that would ensure that local logging still occurs when  the TCP remote server is down?  I think I need to look at action queues, but was hoping someone could provide an example on how to get this to work.
What is 'sticky session' when considering web traffic load balancing and how session-stickiness is usually achieved ?

can you please explain me a real world scenario. Like how it is used.

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Top Experts In
Linux Security