
Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.


Hey I am changing my SSH key.

How do I remove my old SSH key from my server's trusted keys?
0

Hi,
I'm comparing these two lines in the audit.rules files.

-a always,exit -F arch=b32 -S clock_settime -F a0=0 -k time-change

-a always,exit -F arch=b32 -S clock_settime -k time-change


Could you please tell me what -F a0=0 stands for?
Thank you
Carlettus
0
I installed SSH on Ubuntu. I started the service and it's running. I disabled the firewall. I added the keygen in authorized_keys.
ssh <ip_host> says Permission denied (publickey).
0
BACKGROUND:
A ways back, I'd set up nameservers on my VPS (let's call them 'ns1.mydomain.com' and 'ns2.mydomain.com').  I host a couple of dozen websites on that VPS.

For all of my domains, on the domain registrar's site, I'd set the Nameservers for that domain to Custom Nameservers:  'ns1.mydomain.com' and 'ns2.mydomain.com'.

Recently, I had to ask my VPS provider to create a new server for me (let's call it 'newVPS'), leaving my previous VPS (let's call it 'oldVPS') active so I could migrate or re-create accounts and contents from the oldVPS to the newVPS.

Both the oldVPS and newVPS use WHM/CPanel admin interfaces.
The oldVPS is set up as (cut and pasted from the WHM panel banner): 'CENTOS 6.9 i686 virtuozzo – oldvps  WHM 56.0 (build 52)'
The newVPS is set up as (cut and pasted from the WHM panel banner): 'CENTOS 7.4 virtuozzo [newvps]  v68.0.21'

My understanding (which is limited in these areas) is that the nameservers I set up on my VPS have to be associated with one of the domains I own/host on that VPS.

The nameservers which I had previously set up on oldVPS were associated with 'mydomain.com', one of the domains/accounts hosted on oldVPS.

For simplicity, I'm thinking of creating new nameservers on newVPS and associating them with 'myotherdomain.com', another domain/account to be hosted on newVPS.

QUESTION:
How do I create my new nameservers on newVPS, say 'ns1.myotherdomain.com' and 'ns2.myotherdomain.com', presumably from newVPS's WHM (I'm …
0
Hello Experts,

We have an application which logs in on CentOS 6.8 64-bit (GUI interface) and, after login, generates TCP port 50000 to make connections with users.
Behind that port there are many connections from different IPs (192.168.207.11, 207.12, 207.13) and user names (user1, user2, user3):

Example Output:-
[root@CC ~]# lsof -i :50000
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
TCPServer 3647 rajat  245u  IPv4 156532      0t0  TCP 192.168.207.125:50000->192.168.207.15:49277 (ESTABLISHED)
TCPServer 3647 rajat  261u  IPv4  23354      0t0  TCP *:50000 (LISTEN)
TCPServer 3647 rajat  387u  IPv4  24955      0t0  TCP 192.168.207.125:50000->192.168.207.13:49271 (ESTABLISHED)

With this command I can only check which IP is connected behind port 50000, but I want to check the user name also. Please suggest.
0
Does anyone know how I can stop LFD from sending Failure emails for trusted processes? Do I need to 'whitelist' certain processes in CSF?
Mine is sending an email every minute or so, resulting in tens of thousands of useless emails (& using server time of course)

THE EMAIL MESSAGE:
Subject:  
lfd on server.myservername.com: Suspicious process running under user postfix
Body:  
Time:    Fri Dec  8 07:56:26 2017 -0800
PID:     23757 (Parent PID:12511)
Account: postfix
Uptime:  104 seconds

Executable:
/usr/libexec/postfix/smtpd

Command Line (often faked in exploits):
smtpd -n 25 -t inet -u -o stress=

Network connections by the process (if any):
tcp: 0.0.0.0:25 -> 0.0.0.0:0

Files open by the process (if any):
/dev/null
/dev/null
/dev/null
/var/spool/postfix/pid/inet.25
anon_inode:[eventpoll]
/etc/aliases.db
/etc/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/blacklists.db
/var/spool/postfix/plesk/blacklists.db

Memory maps by the process (if any):
7f3a55962000-7f3a55971000 r-xp 00000000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55971000-7f3a55b70000 ---p 0000f000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55b70000-7f3a55b71000 r--p 0000e000 103:
etc etc etc
0
Hi,

We have about 3 users, say user1, user2, user3, on the WebLogic server. The application logs and server logs fill up every 3 weeks or so, causing the server to choke. How do I write a script to automatically clean the contents of those application log and server log folders, say every week on Friday midnight at 11 PM?

please advise
0
Hi experts
I need the command line for Ubuntu to copy a file from my Ubuntu desktop to a Windows PC
thanks
0
Hello,

I would like to know how to implement ssl-cert-check from ssl-cert-check

I do have a windows box at work. Can i create it through Cygwin ?

Or what Linux flavor can i use ? Thoughts ?

Thanks for your help.
0
bash-4.4$ mv -i dir2 dir3
bash-4.4$ ls -ltr
total 12
-rw-r--r-- 1 14392 14392  978 Nov 22 16:46 README.txt
-rw-r--r-- 1 14392 14392    7 Nov 22 16:47 456.txt
drwxr-xr-x 2 14392 14392 4096 Nov 22 16:49 dir3


I tried as above but I did not get a warning like below

mv: overwrite `dir2'?


I tested with files also, but no warning is coming

bash-4.4$ touch a.txt
bash-4.4$ mv a.txt b.txt
bash-4.4$ ls -ltr
total 12           …
0

I am getting this error message when trying to run rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm on Red Hat Linux 7.4 (Kernel version: 3.10.0-693.1.1.el7.x86_64). Can someone let me know what the problem is and what the proper procedure to fix it should be? Here is the output:

#rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm
Installing lin_tape-3.0.23-1.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.sCvFVM
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf lin_tape-3.0.23
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/lin_tape-3.0.23.tgz
+ /usr/bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd lin_tape-3.0.23
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.KGligF
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd lin_tape-3.0.23
++ echo x86_64-redhat-linux-gnu
++ cut -f 1 -d -
+ p=x86_64
+ '[' x86_64 == i386 ']'
+ '[' x86_64 == i586 ']'
+ '[' x86_64 == i686 ']'
+ '[' x86_64 == ppc64 ']'
+ '[' x86_64 == powerpc ']'
+ '[' x86_64 == powerpc64 ']'
+ '[' x86_64 == s390 ']'
+ '[' x86_64 == s390x ']'
+ '[' x86_64 == ia64 ']'
+ '[' x86_64 == x86_64 ']'
+ proc=AMD
+ make KERNEL=3.10.0-693.1.1.el7.x86_64 PROC=x86_64 SFMP=0 driver
make: Nothing to be done for `driver'.
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.hQeoFx
+ umask 022
+ cd /root/rpmbuild/BUILD
+ '[' /root/rpmbuild/BUILDROOT/lin_tape-3.0.23-1.x86_64 '!=' / ']'
+ rm -rf …
0
I'm trying to run x11vnc with the --passwdfile option. This option sends a challenge string to the VNC client. The client opens a dialog on the user's screen asking for a password. The client then sends the response string back to the VNC server. The VNC server calls the program referenced by the --passwdfile parameter with this string in the following format:

A two-byte length (in this case 16), followed by the challenge string (16 bytes), followed by the response string (16 bytes). What I get back, in hex is:
 0: 0A 6E 65 78 74 0A 31 36 0A 23 36 F4 E1 03 EE 30    .next.16.#6....0
10: 16 85 FC E9 4C F1 F5 16 5C 2C D5 5C 93 C2 21 29    ....L...\,.\..!)
20: 3A DF C2 A2 7C E9 1F 1A D7                         :...|....

The <newline>next<newline> can be ignored as this is debug stuff from my script. The strings are:
Challenge:
23 36 F4 E1 03 EE 30 16 85 FC E9 4C F1 F5 16 5C

Response:
2C D5 5C 93 C2 21 29 3A DF C2 A2 7C E9 1F 1A D7

The manpage defines the response string as, "client's response (i.e. the challenge string encrypted via DES with the user password in the standard situation)." I have no further information or documentation. I assume one must use the challenge string to decode the response string and get the user-entered password, but I've no idea how to do that.
0
Hi

How to make the text cursor automatically when I'm on console text?
I use the tty console directly on boot and deactivate graphical mode.

Thanks for your reply,

Someone talked to me about /etc/inittab or /etc/fstab,
but I don't think it's a good idea to modify 2 by 5
0
I’m having trouble setting up LUKS on a Red Hat Test Server. I decided not to have a DEV prompt for a passphrase at boot but to use manual decryption instead. This is supposed to require execution of the cryptsetup commands and mounting. I attempt to set it up on a blank second disk I recently installed. Here’s the session…

**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password

sudo cryptsetup luksClose /dev/sdb crypt-sdb

**************************



This then caused RHEL to freeze and force a cold reboot. I then used yum to run updates. I try again…



**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password
#[<username>@localhost dev]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found

# [<username>@localhost dev]$ sudo mount /dev/sdb
mount: can't find /dev/sdb in /etc/fstab

**************************



So I attempt to enter /dev/sdb in /etc/fstab but unsuccessful since it’s read-only. I try this.



**************************

[<username>@localhost etc]$ sudo cryptsetup luksFormat /dev/sdb
[sudo] password for <username>:

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
[<username>@localhost etc]$ sudo umount /dev/sdb
umount: /dev/sdb: not mounted
[<username>@localhost …
0
Hi Experts
I need to disable the Ubuntu desktop 17.10 GUI and start up with command line or tty only.
I googled for this and found that I need to run this command:
sudo systemctl stop lightdm.service
but I got an error that lightdm is not available
0
I am using Rubinius 3.86 and CentOS7(x86_64).
The installation directory is /var/home/ap/rubinius.

I attempted to install nio4r using the gem command and it failed.
The log at that time is as follows.

It is described as "method_missing", but what does it mean?

cat /var/home/ap/rubinius/gems/extensions/x86_64-linux/2.3/nio4r-2.1.0/gem_make.out

current directory: /var/home/ap/rubinius/gems/gems/nio4r-2.1.0/ext/nio4r
/var/home/ap/rubinius/bin/rbx -r ./siteconf20171112-15122-n0ryc2.rb extconf.rb --with-ldflags=-L/var/home/lib/gcc5/lib64
checking for unistd.h ... yes
checking for sys/select.h ... yes
checking for poll.h ... yes
checking for sys/epoll.h ... yes
checking for sys/event.h ... no
checking for port.h ... no
checking for sys/resource.h ... yes
                  main # Rubinius::Loader at core/loader.rb:861
                script # Rubinius::Loader at core/loader.rb:679
           load_script. Rubinius::CodeLoader at core/code_loader.rb:590
           load_script # Rubinius::CodeLoader at core/code_loader.rb:505
            __script__ # Object at extconf.rb:21
   << (method_missing) # Kernel (NilClass) at core/zed.rb:1413

undefined method `<<' on nil:NilClass. (NoMethodError)

An exception occurred running extconf.rb
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for …
0
Hello Folks,

Does anybody have any idea how to remove/hide Places from the top panel?

Thanks for looking
0
Hi,

I am looking for some test cases I can include in a virtual network to create rules that can make sense in an office scenario, like prohibiting social media, proxies, etc. Any ideas are appreciated, so that I will apply rules according to a particular test case. Any difficulty level, and the more original they are, the better!

Thanks in advance
0
I recently installed LAMP, then set up virtual sites by running sudo mkdir example.com.

I don't remember if I did this from root or from my limited user account.

When I log into SFTP from my limited user account it says permission denied in my FTP client.

Is this because I created the directories from the root account?

Is it safe to be able to read and write files from a limited user account?

What command should I run to set the proper permissions?

Thanks
0

I installed a password program on Linux Ubuntu and have been away from this computer for about six months and of course forgot my login password (my Super user I remember). I have almost no knowledge of computers; can someone walk me through the process of getting past it to get back on that thing? Or do I light it on fire?? (I don't really want to light it on fire, lol.) And there are some important docs on there.
0
I have this issue where non-root (ie non-priv) UNIX users or even applications could
alter or create files that are world-writable & this will easily become an audit issue.

As the creator/owner, they can always change the file permission using chmod.
"umask" can set the default settings for files created but this will not stop them
from altering it subsequently.

Q1:
Can provide sample ACLs or any method such that even owners of files can't alter
the UNIX file permission?

Q2:
Is there any way without using paid products (OpenSource is fine) to alert us if
file permissions are being changed?  Sort of File Integrity Monitoring but we
don't want to be alerted/notified if file content or dates are changed, only if
permission is changed.


We run Solaris 10 & 11 (both have ACL features) & AIX 6.x/7.x and RHEL 7.x.

Or is there a "find ..."  command which we can run daily to identify which files'
permissions got changed the last 1 day?
0
We have a vendor who has put his linux based appliance behind a firewall. If I ssh to the system from the same subnet as the linux appliance ssh succeed - giving me a login prompt and then succeeding with authentication. If I login to the linux appliance from the Outside of the firewall the conversation succeeds apparently - I get a login prompt. But when I enter the same credentials the connection is promptly terminated. If I look at the firewall I see only the allowed SSH session and no other denies to the server.
Any idea what might be going on? What logging could be looked at on the linux appliance to give us insight as to why the ssh connection is failing in the second case? Thank you
0
Hi,

I connected to one production instance and went to the log directory, where there are a bunch of log files.

How do I continuously monitor logs for any possible errors or exceptions?

How frequently are new files created?
Do I have to use the vi command to open the log file?

Please advise
0
On SLES 12.2 I do the following as root user:

mkdir -p /some/directory/ramdisk
chown -R simpleuser:users /some
chmod 777 /some/directory
chmod 777 /some/directory/ramdisk

Then I add this to /etc/fstab:
ramfs /some/directory/ramdisk ramfs defaults 0 0

followed by
mount /some/directory/ramdisk

What I expect is a ramfs mounted to /some/directory/ramdisk, owned by simpleuser and users, with permissions set to 777.

Surprisingly, after rebooting the machine, the owner of /some/directory/ramdisk is root:root, and the permissions have changed to something more restrictive. I deem that more of a feature than a bug, but that behaviour is really annoying in the environment I use it in.

Currently I do an explicit change of ownership and permissions prior to starting the application that uses the ramdisk (in the respective script, with sudo), but I deem that not very elegant.

Any hint what causes the changes, and how to prevent them?
0
Our lab recently got a new Ubuntu (14.04.1) machine, but many of the software packages are out of date.
I am trying to update it before upgrading to Ubuntu 16.04. However, there are always problems with the command "sudo apt-get update".

I have googled this problem and changed "/etc/apt/sources.list" several times, but the error still exists.
I am thinking the error may come from => Could not resolve 'hcapxb01'
I have no idea about 'hcapxb01'.  My machine has an internet connection but I can't ping or nslookup 'hcapxb01'.

Experts, please help me to solve the "sudo apt-get update" error. Thank you
0
