Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

We recently performed a yum update on the RHEL7 box, and much to our dismay, the ability to open the port now fails.

There are two scripts we have to run in order to open the port:
This one runs:
sudo iptables -A INPUT -p tcp --dport 1234 -j ACCEPT

This one fails:
sudo iptables -A IN_public_allow -p tcp -m tcp --dport 1234 -m conntrack --ctstate NEW -j ACCEPT

Gives the following error:
iptables: No chain/target/match by that name.

This always worked for years, now that latest update won't allow this to run

Any help would be greatly appreciated.

Thanks
0
I have a ubuntu server on wan. i can connect to it via ssh from windows on another ip rang.
my clint not ping it and i can't ping my client from server.
how to use X app from server i install xinit and x app on server .
firewall is disabled on ubuntu server.
0
Hey I am changing my SSH key.

How do I remove my old SSH key from my servers trusted keys.
0
I am working a plan to create a best practice schedule for patching my environments. I know everyone has a different opinion on this but I am looking for a Positive way to move forward on this topic. I have 3 environments Test, dev test and Prod. Just looking for a push start if anyone has went through this some example schedules would be appreciated. Thanks
0
Hi,
I'm comparing these two lines in the audit.rules files.

-a always,exit -F arch=b32 -S clock_settime -F a0=0 -k time-change

Open in new window

-a always,exit -F arch=b32 -S clock_settime -k time-change

Open in new window


Could you please tell me the what -F a0=0 stands for?
Thank you
Carlettus
0
i install ssh in ubuntu. i start services and it's  runnig. idisabled firewall. i add keygen in authorized_keys.
ssh <ip_host> says  Permission denied (publickey).
0
Hi There,

I had connected to Ubuntu machine in windows through putty's ssh client assume the IP address is

55.170.23.156

I want to clone bit bucket inside this putty

assume the bit bucket url

is http://bitbucket.librariesdsw.net:8080/

assume bit bucket user name is bharath and password is welcome

how to clone this bitbucket inside this putty

please help,  thanks in advance

Kind regards,

Bharath K
0
BACKGROUND:
A ways back, I'd set up nameservers on my VPS (let's call them 'ns1.mydomain.com' and 'ns2.mydomain.com').  I host a couple of dozens websites on that VPS.

For all of my domains, on the domain registrar's site, I'd set the Nameservers for that domain to Custom Nameservers:  'ns1.mydomain.com' and 'ns2.mydomain.com'.

Recently, I had to ask my VPS provider to create a new server for me (let's call it 'newVPS'), leaving my previous VPS (let's call it 'oldVPS') active so I could migrate or re-create accounts and contents from the oldVPS to the newVPS.

Both the oldVPS and newVPS use WHM/CPanel admin interfaces.  
The oldVPS is setup as (cut and pasted from the WHM panel banner): 'CENTOS 6.9 i686 virtuozzo – oldvps  WHM 56.0 (build 52)'
The newVPS is setup as (cut and pasted from the WHM panel banner): 'CENTOS 7.4 virtuozzo [newvps]  v68.0.21'

My understanding (which is limited in these areas) is that the nameservers I setup on my VPS have to be associated with one of the domains I own/host on that VPS.

The nameservers which I had previously setup on oldVPS were associated with 'mydomain.com' one of the domains/accounts hosted on oldVPS.  

For simplicity, I'm thinking of creating new nameservers on newVPS and associate them with 'myotherdomain.com', another domain/account to be hosted on newVPS.

QUESTION:
How do I create my new nameservers on newVPS, say 'ns1.myotherdomain.com' and 'ns2.myotherdomain.com', presumably from newVPS's WHM (I'm …
0
Hello Experts,

We have an application which is login on CentOS 6.8 64 bit (GUI Interface) & after login generate tcp port 50000 for make connection with user.
Behind that port there are many connection connected with different-different IP (192.168.207.11, 207.12, 207.13) & user name (user1, user2, user3):

Example Output:-
[root@CC ~]# lsof -i :50000
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
TCPServer 3647 rajat  245u  IPv4 156532      0t0  TCP 192.168.207.125:50000->192.168.207.15:49277 (ESTABLISHED)
TCPServer 3647 rajat  261u  IPv4  23354      0t0  TCP *:50000 (LISTEN)
TCPServer 3647 rajat  387u  IPv4  24955      0t0  TCP 192.168.207.125:50000->192.168.207.13:49271 (ESTABLISHED)

From this cmd i only check which IP is connected behind port 50000, but i want to check user name also. Please suggest.
0
Does anyone know how I can stop LFD from sending Failure emails for trusted processes? Do I need to 'whitelist' certain processes in CSF?
Mine is sending an email every minute or so, resulting in tens of thousands of useless emails (& using server time of course)

THE EMAIL MESSAGE:
Subject:  
lfd on server.myservername.com: Suspicious process running under user postfix
Body:  
Time:    Fri Dec  8 07:56:26 2017 -0800
PID:     23757 (Parent PID:12511)
Account: postfix
Uptime:  104 seconds

Executable:
/usr/libexec/postfix/smtpd

Command Line (often faked in exploits):
smtpd -n 25 -t inet -u -o stress=

Network connections by the process (if any):
tcp: 0.0.0.0:25 -> 0.0.0.0:0

Files open by the process (if any):
/dev/null
/dev/null
/dev/null
/var/spool/postfix/pid/inet.25
anon_inode:[eventpoll]
/etc/aliases.db
/etc/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/blacklists.db
/var/spool/postfix/plesk/blacklists.db

Memory maps by the process (if any):
7f3a55962000-7f3a55971000 r-xp 00000000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55971000-7f3a55b70000 ---p 0000f000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55b70000-7f3a55b71000 r--p 0000e000 103:
etc etc etc
0
hi,

we have about 3 users say user1, user2, user3 on the weblogic server. The application logs and server logs getting filled up every 3 weeks or so causing server to choke. How to write a script to clean automatically those application log and server log folder contents automatically say every week on friday midngiht at 11 PM

please advise
0
Hi experts
i need the command line for ubunt to copy file from my ubuntu desktop to windows pc
thanks
0
Hello,

I would like to know how to implement ssl-cert-check from ssl-cert-check

I do have a windows box at work. Can i create it through Cygwin ?

Or what Linux flavor can i use ? Thoughts ?

Thanks for your help.
0
bash-4.4$ mv -i dir2 dir3                                                                                                                          
bash-4.4$ ls -ltr                                                                                                                                  
total 12                                                                                                                                          
-rw-r--r-- 1 14392 14392  978 Nov 22 16:46 README.txt                                                                                              
-rw-r--r-- 1 14392 14392    7 Nov 22 16:47 456.txt                                                                                                
drwxr-xr-x 2 14392 14392 4096 Nov 22 16:49 dir3                                                                                                    


i tried as above but i did not get warning  like below

mv: overwrite `dir2'?


i tested with files also but no warning coming

bash-4.4$ touch a.txt                                                                                                                              
bash-4.4$ mv a.txt b.txt                                                                                                                          
bash-4.4$ ls -ltr                                                                                                                                  
total 12           …
0
I am getting this error message, when I was trying to run rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm on Red Hat Linux 7.4 (Kernel version: 3.10.0-693.1.1.el7.x86_64). Can some one let me know what is problem and what should be the proper procedure to fix it. Here is the output mentioned below,

#rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm
Installing lin_tape-3.0.23-1.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.sCvFVM
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf lin_tape-3.0.23
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/lin_tape-3.0.23.tgz
+ /usr/bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd lin_tape-3.0.23
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.KGligF
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd lin_tape-3.0.23
++ echo x86_64-redhat-linux-gnu
++ cut -f 1 -d -
+ p=x86_64
+ '[' x86_64 == i386 ']'
+ '[' x86_64 == i586 ']'
+ '[' x86_64 == i686 ']'
+ '[' x86_64 == ppc64 ']'
+ '[' x86_64 == powerpc ']'
+ '[' x86_64 == powerpc64 ']'
+ '[' x86_64 == s390 ']'
+ '[' x86_64 == s390x ']'
+ '[' x86_64 == ia64 ']'
+ '[' x86_64 == x86_64 ']'
+ proc=AMD
+ make KERNEL=3.10.0-693.1.1.el7.x86_64 PROC=x86_64 SFMP=0 driver
make: Nothing to be done for `driver'.
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.hQeoFx
+ umask 022
+ cd /root/rpmbuild/BUILD
+ '[' /root/rpmbuild/BUILDROOT/lin_tape-3.0.23-1.x86_64 '!=' / ']'
+ rm -rf …
0
hi

How to Make The Text Cursor Automatically when i'm on console text ?
I use directly on boot the tty console and desactivate graphical mode.

Thanks for your reply,

someone talk me about : /etc/inittab, or /etc/fstab
But i don't think it's good idea to modify 2 by 5
0
I’m having trouble setting up LUKS on a Red Hat Test Server. I decided not to have a DEV prompt for a passphrase at boot but to use manual decryption instead. This is supposed to require execution of the cryptsetup commands and mounting. I attempt to set it up on a blank second disk I recently installed. Here’s the session…

**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password

sudo cryptsetup luksClose /dev/sdb crypt-sdb

**************************



This then caused RHEL to freeze and force a cold reboot. I then used yum to run updates. I try again…



**************************

sudo cryptsetup luksOpen /dev/sdb crypt-sdb
# enter /dev/sdb password
#[<username>@localhost dev]$ sudo cryptsetup luksClose /dev/sdb crypt-sdb
Device sdb not found

# [<username>@localhost dev]$ sudo mount /dev/sdb
mount: can't find /dev/sdb in /etc/fstab

**************************



So I attempt to enter /dev/sdb in /etc/fstab but unsuccessful since it’s read-only. I try this.



**************************

[<username>@localhost etc]$ sudo cryptsetup luksFormat /dev/sdb
[sudo] password for <username>:

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Cannot format device /dev/sdb which is still in use.
[<username>@localhost etc]$ sudo umount /dev/sdb
umount: /dev/sdb: not mounted
[<username>@localhost …
0
Hi Experts
i need to disable ubuntu desktop 17.10  GUI and startup with command or tty only
i googled for this and i found that i need to run this command
sudo systemctl stop lightdm.service
but i got error the lightdm is not available
0
Hello Folks,

does anybody have any idea on how to remove/hide Places from the top panel?

Thanks for looking
0
Hi,

I am looking for some test cases I can include in a virtual network to create rules that can make sense in an office scenario, like prohibiting social media, proxies, etc. Any ideas are appreciated, so that I will apply rules according to a particular test case. Any difficulty level, and the more original they are, the better!

Thanks in advance
0
I recently installed LAMP, then set up virtual sites by running sudo mkdir example.com.

I don't remember if I did this from root or from my limited user account.

When I log into SFTP from my limited user account it says permission denied in my FTP client.

Is this because I created the directories from the root account?

is it safe to be able to read and write files from a limited user account?

What command should I run to set the proper permissions?

thanks
0
I installed a password program on  Linux Ubuntu and have been away from this computer for about six months and of course forgot my login password (my Super user I remember). I have almost no knowledge of computers can someone walk me through the process of getting past it to get back on that thing? Or do i light it on fire?? (I don't really want to light it on fire, lol). and there are some important docs on there.
0
I have this issue where non-root (ie non-priv) UNIX users or even applications could
alter or create files that are world-writable & this will easily become an audit issue.

As the creator/owner, they can always change the file permission using chmod.
"umask" can set the default settings for files created but this will not stop them
from altering it subsequently.

Q1:
Can provide sample ACLs or any method such that even owners of files can't alter
the UNIX file permission?

Q2:
Is there any way without using paid products (OpenSource is fine) to alert us if
file permissions are being changed?  Sort of File Integrity Monitoring but we
don't want to be alerted/notified if file content or dates are changed, only if
permission is changed.


We run Solaris 10 & 11 (both have ACL features) & AIX 6.x/7.x and RHEL 7.x.

Or is there a "find ..."  command which we can run daily to identify which files'
permissions got changed the last 1 day?
0
We have a vendor who has put his linux based appliance behind a firewall. If I ssh to the system from the same subnet as the linux appliance ssh succeed - giving me a login prompt and then succeeding with authentication. If I login to the linux appliance from the Outside of the firewall the conversation succeeds apparently - I get a login prompt. But when I enter the same credentials the connection is promptly terminated. If I look at the firewall I see only the allowed SSH session and no other denies to the server.
Any idea what might be going on? What logging could be looked at on the linux appliance to give us insight as to why the ssh connection is failing in the second case? Thank you
0
hi,

I connnected to one production inace went to the log directory where bunch of log files there.

how to continuosly monitor logs for any possible errors , exceptions.

how frequently new files created?
do i have to do vi command to open the log file

please advise
0

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Top Experts In
Linux Security
<
Monthly
>