Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


Hi,

need help...
I have two servers, a web reverse proxy and a Tomcat application server.

1. The Tomcat application server is 120.121.25.16; the default port number was changed in the server.xml file to port 28056. I checked the Tomcat application server; it works after the port change and I verified the application.

2. RH7.7 reverse proxy server 10.38.11.26
I installed httpd.
I edited /etc/httpd/conf/httpd.conf and changed the default port 80 to 29081 in the listener.
Restarting httpd is failing.

After the port change the httpd service is not coming up...

Error below...
Oct 18 23:04:34 webpxy1httpd[19252]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.250.245.6. Set the 'ServerNa
Oct 18 23:04:34 webpxy1 httpd[19252]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:8011
Oct 18 23:04:34 webpxy1 httpd[19252]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:8011
Oct 18 23:04:34 webpxy1 httpd[19252]: no listening sockets available, shutting down
Oct 18 23:04:34 webpxy1 httpd[19252]: no listening sockets available, shutting down
Oct 18 23:04:34 webpxy1 httpd[19252]: AH00015: Unable to open logs
Oct 18 23:04:34 webpxy1 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 18 23:04:34 webpxy1 kill[19253]: kill: cannot find process ""
Oct 18 23:04:34 webpxy1 systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 18 23:04:34 …
0
Hi,
1. How to resolve issue below?

[code][root@28-218-217-172-on-nets home]# chown -R smb01 ~/home/share
chown: cannot access ‘/root/home/share’: No such file or directory
[root@28-218-217-172-on-nets home]#[/code]
I want to grant write permission to user smb01.

2. Is "ls -l" enough to list out all rights of user smb01 on folder /home/share? Is there any other command?
0
Hello EE,

I need to document all installed FOSS (Free and Open Source) software on our RHEL systems for the legal team. Is there a way to show the licensing info for all packages and the OS info easily with a script or via the command line?
0
Hi

I've built a MediaWiki server using Debian (Linux)

How would I block internet access from the server?  What's the best way to secure it?
0
I have Active Directory on Ubuntu. I try to change the password from Ubuntu.
It failed: passwd: Authentication token manipulation error
passwd: password unchanged
I tried to reboot, still the same. I tried
sudo mount -o remount,rw /  same problem.
My shadow file under /etc has 0640 as permission.
Rewriting pam-auth-update did not help much.
0
I want to stop scrapers and crawlers with fail2ban, but I am having trouble getting the regex to match. Here is my access_log:

47.89.184.126 - - [13/Jun/2019:11:53:30 -0400] "GET /12all/lt/t_go.php?i=currentmesg&e=subscriberid&l=-http--www.theherbsplacenews.com/2009/11/usda-allows-ecoli-meat-to-be-sold.html HTTP/1.1" 404 43077 "http://www.theherbsplacenews.com/2009/12/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
47.89.184.126 - - [13/Jun/2019:11:53:39 -0400] "GET /12all/lt/t_go.php?i=currentmesg&e=subscriberid&l=-http--www.theherbsplacenews.com/2009/12/depression-and-mental-health.html HTTP/1.1" 404 43072 "http://www.theherbsplacenews.com/2009/12/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
47.89.184.126 - - [13/Jun/2019:11:54:10 -0400] "GET /12all/lt/t_go.php?i=currentmesg&e=subscriberid&l=-http--www.theherbsplacenews.com/2009/12/cocaine-heroin-spices-more-in-our-water.html HTTP/1.1" 404 43083 "http://www.theherbsplacenews.com/2009/12/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
47.89.184.126 - - [13/Jun/2019:11:54:13 -0400] "GET /12all/lt/t_go.php?i=currentmesg&e=subscriberid&l=-http--www.theherbsplacenews.com/2009/11/gingko-protects-cells-from-radiation.html HTTP/1.1" 404 
0
PuTTY agent setup.

I have created a public key/private key pair using the ssh-keygen command on my Linux box.

I got the following files.

id_rsa
id_rsa.pub

I set up my PuTTY configuration to allow agent forwarding. I launched pageant.exe and tried to import my id_rsa.pub key, and it is expecting a key in the .ppk format.

- Do we add the public key or the private key?
- How do I convert the SSH keys to the .ppk format?
0
Attached is a list of *strut* files that are present on our UNIX servers.
I was told by our app staff that we are on a very old (and likely vulnerable) Struts.

Which lines mean we have Struts on our server, and which files can we remove
to fix our vulnerability? I was told by the app staff that he doesn't need Struts but
will need to identify which specific Struts files to remove.
Tv06_Struts.txt
0
Can anyone provide step-by-step instructions on how to compile and 'make'
a fully usable ClamAV on Solaris 10 (x86)?

A minor update engine was released for Linux with source code, but the package
is only available for Linux, not Solaris.
0
https://github.com/sveeke/harden_linux

Referring to the above URL, I only see the harden_CentOS7 script but
not the two for Debian and Alpine Linux: did I miss something, or can
anyone point me to the right URLs to get the scripts?
0
Hello Experts

For our Security Operations Center (SOC), we are searching for a tool that can collect "Threat Artifacts". When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on a computer.

We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend? It would be nice if the tool worked on Windows and Linux, although this is not a must.

Thanks a lot
1
Refer to the attached screenshot of TrendMicro's InterScan proxy VM (a custom Linux)
that shows a spurious memory shortage.

We have allocated 32GB to the VM and, with only 2 users accessing it, are already
getting these memory messages; we plan to roll it out to 500 users.

What can be done to address this? Increase swap space or RAM?
Or is there something to tune? Hopefully we don't have to switch to
another type of proxy.

As this is a bundled free product, it is quite difficult to get support.

By the way, what's the default root password when it's first set up?
TMproxyoutofMem.png
0
We prefer not to do application whitelisting on our RHEL and Solaris systems due to fears of service disruption.

What alternative mitigations can we implement?
0
Good Afternoon Experts.

I have a client who is basically a Kibbutz (think of a settlement, but in a real social way of life).
Basically, they have a CentOS 6.10 server that was deployed by the previous sysadmin, who is no longer available. Said sysadmin enabled SMB v1 on that server and activated shares so that people could view various pictures and such from various events. All was well until Microsoft decided to disable SMB v1 out of the box and to require a certain procedure to allow it. Since I can't remotely control all the computers (it's not a domain environment, not actually a business at all), I need to allow SMB v2. My question is: can I, and if I can, how do I enable support for SMB 1 and SMB 2 on the same shares at the same time?!
0
Not sure how to explain this...

I'm not trying to do a directory traversal attack; I could do that in multiple lines with a script.

I want to go back a directory ("cd ..")
and then forward into the parent directory ("cd .. cd johndoe").

.
..
/home/johnsmith
/home/johndoe
/home
/bin
/var
/etc

I want to do it in one line, please.


thanks

-dave.j
0
Has anyone used ColorTokens https://colortokens.com/ ?
What do they do exactly, and what do they do for data center and endpoint security?
0
I inherited a CentOS Unix system, and in our password vault there are passwords for the SQL user and a few
other things, but nothing for user "root". Is it possible that during the setup of the system the root account
was disabled or removed, and individual users were just made sudoers with access to everything via sudo?
Or would that be an uncommon practice?
0
I am using an older version of oxidized (rancid) to grab configs. It was built by someone else about three years ago. I'm trying to find where you configure the user ID and password to be used for the different network equipment. I don't see a reference to a user in /home/oxidized/.config/oxidized/config, and not even a reference to device type PanOS, which is what I'm aiming for.
0
I'm having a hard time completing this assignment. It's supposed to ping the IP addresses in IPADDR with the sizes in SIZER in two for loops,
extract the results and format the output. Some hosts are unreachable, and those must be identified, as the script is to run as quickly as possible and not wait for unreachable hosts to send back an ICMP unreachable.


[code]#!/bin/bash

IPADDR="140.192.40.4 192.168.1.16 100.1.1.15 192.168.2.15 192.168.20.23 10.1.1.1 10.1.1.11 10.1.1.12"
SIZER="64 128 256 512 1024 1280 1472 3000"

format=" %-20s %20s %20s %20s \n"
header="IP_ADDRESS PACKET_SIZE ROUND_TRIP_TIME STANDARD_DEVIATION"

# print the column headings once
printf "$format" $header

for X in $IPADDR
do
        for Y in $SIZER
        do
                # -W 1 stops waiting one second after the last packet is sent, so an
                # unreachable host does not stall the loop; -f (flood ping) needs root
                ping_results=$(ping -f -c 150 -W 1 -s "$Y" "$X" 2>/dev/null)
                # ping exits non-zero when no reply came back at all; the rtt stats
                # line is absent in that case, so the exit status is the reliable check
                if [ $? -ne 0 ]
                then
                        printf "$format" "$X" "$Y" "unreachable" "-"
                        break        # skip the remaining sizes for this host
                fi
                # last line looks like: rtt min/avg/max/mdev = 0.042/0.055/0.120/0.010 ms
                stats=$(echo "$ping_results" | tail -1 | cut -d '=' -f 2)
                RTT=$(echo "$stats" | cut -d '/' -f 2)                  # avg round-trip time
                SD=$(echo "$stats" | cut -d '/' -f 4 | cut -d ' ' -f 1)  # mdev (std deviation)
                printf "$format" "$X" "$Y" "$RTT" "$SD"
        done
        echo "-------------------------------------------------------------"
done[/code]
0
MY SYSTEM
Ubuntu Linux 18.04.1

QUESTION
I need to know what is the best recommended Anti-Virus and Malware protection I can install on my Linux machine.
Please include: Free, Less Expensive, and the Best (no matter what the price), so I can make my decision.
0
Hi ...
I was wondering if anyone knows how to change default icons for a new user in Slitaz.
By default, trash icon and Document icon get added to desktop when a new user logs in for the first time.
I am trying to change it only to Terminal.
Thank you for your Quick Prompts.
0
zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$24>300 {print}'
The above grep prints all the columns, successfully satisfying the above condition of

$24>300

Now I need to filter the above query based on the state, like Florida, which is printed in the 23rd column, i.e. $23

zgrep 'MobileDevice' xyz.log.20181121.gz|grep 'USER123'| awk '$0>= "2018-Nov-21 00:01" && $0<="2018-Nov-21 23:59"' | awk -F '|' '$23=FLORIDA {print}'

The above query is not working.

How do I check string equality in AWK?

Please advise
0
I'll need to monitor several "privilege escalation related" Solaris 10 and RHEL6 files using
ACLs (Access Control Lists):

a) /etc/group, /etc/sudoers, /etc/cron.daily (or .weekly, or any crons owned by root):
    an ACL to send to syslog (so that we can pipe to the SIEM) when the permissions, ownership
    or contents of the above files are changed

b) visudo, sudo, usermod, useradd command binary files:
   when these are executed/run, an ACL to send to syslog (who is executing them and when)

I would appreciate exact setacl samples (or the actual commands/settings) for RHEL6 and Solaris 10
x86.
0
I need to harden a Solaris 10 that is connecting to the Internet from the DMZ.

Does anyone have a Solaris 10 hardening script that, once run, will harden for
a) Level 2 Profile
b) "Scored"

The attached script, which I got from GitHub, doesn't seem to quite fit what's needed,
and with all the "printf ...", it is more of a listing than actual hardening.


From CIS benchmark:

Scoring Information
================
A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. The following scoring statuses are used in this benchmark:
Scored  <==
Failure to comply with "Scored" recommendations will decrease the final benchmark score. Compliance with "Scored" recommendations will increase the final benchmark score.
Not Scored
Failure to comply with "Not Scored" recommendations will not decrease the final benchmark score. Compliance with "Not Scored" recommendations will not increase the final benchmark score.



Profile
=====

 Level 1
Items in this profile intend to:
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
 Level 2  <==
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
o are intended for environments or use cases where security is paramount
o acts as defense in depth measure
o may negatively inhibit the utility or performance of the …
0
xhost executes successfully for the user who has direct login access to the OS.

When I switch to the other user (su), which doesn't have direct login access to the OS, I could not run the xhost command.

Kindly advise how to achieve the same.
0