Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

On RH 6 systems running rsyslog 5.8.10 we noticed that if we set up a
client system to use TCP to log to a remote server:
*.*       @@192.168.1.2

If the remote log server is not reachable for some reason, no logging takes place, not even local logging to the local system log files.
When the log server is available and rsyslog is restarted, both local logging and remote logging work. I would like to come up with a config that would ensure that local logging still occurs when the TCP remote server is down. I think I need to look at action queues, but was hoping someone could provide an example of how to get this to work.

What is a 'sticky session' when considering web traffic load balancing, and how is session stickiness usually achieved?

Can you please explain a real-world scenario to me, like how it is used.

I am trying to set up a Linux box as a router (packet forwarder to external + NAT). All the references I have found show that this can be achieved using iptables.
The question I have: if for performance reasons I can't use iptables, is there any other alternative to achieve the same result?

Thanks

Hi,
I'm looking for the quickest way to query Windows Event IDs from a Linux CentOS device.
I managed to do it via WMI, but the enumeration of security logs using WMI simply takes too long.
What other methods are there to query Windows Event IDs as well as information from Active Directory using Linux?
Can I use PowerShell from Linux to query? How do SIEM devices like McAfee/Graylog do it? What are the methods that can be used to query this info from Linux other than WMI?

Any help will be greatly appreciated; this is driving me nuts.

Hi all,

I am now learning basic operation of Linux and Unix:

1) How to list active processes in Linux and Unix and kill them accordingly.
2) How to change an application's start mode so that we can choose to start it in administrator/root user mode instead of general user mode in Linux and Unix.
3) How to check disk space left in Linux and Unix.
4) What are the commonly used Linux and Unix administrative tools, so that I don't need to use command mode?
5) How to check existing CPU usage of all CPU cores in Linux and Unix, and therefore find which application uses the most CPU resources.
6) How to check existing RAM usage of all applications in Linux and Unix, and therefore know which application uses the most RAM?

Hi,

I want to learn and practice Linux commands on my Windows 10 laptop. How do I install, set up and practice in CentOS? Please advise.
I was checking the page below but am not sure where and how to get the software etc.
http://www.tecmint.com/centos-6-3-step-by-step-installation-guide-with-screenshots/

Please advise.

Hello
I'm new to Serverspec and LDAP and I was tasked with creating some tests for testing and validating that the infrastructure for LDAP is up and running correctly. Are there any good tests that I can code with Ruby to validate that LDAP is running and configured properly?

Thanks!

Hello guys,
Well, I wanted to clear the root password and the admin password (sudo user) using passwd -l root and then passwd -l admin; the result was successful.
Well, my question is how I can reset the password for admin only, knowing it keeps asking for the current password, which should be empty. No?
admin@mail:~$ passwd admin
Changing password for admin.
(current) UNIX password:

Whatever I try, the old password or Enter for none, the result always fails.
What am I missing here? Shouldn't it be empty already?

Thanks guys

Fine Tune your automatic Updates for Ubuntu / Debian

What is the easiest way to do this? Do you have a sample kickstart file you can share with me that would have these options?

Thanks!

I have a Python script that copies some proprietary code from a USB to an app folder on a Debian wheezy system. The USB will be sent to a client site for them to plug in and click a button to do the update. After the update is complete I use rm to delete the files from the USB, but I assume this would be easily recovered. I'm worried that the client will have this USB laying around and they will attempt to recover the files and have access to our code.

So the question is not one of design; I know there are better ways to do it overall. But in this case, is there a simple way in Python or using system.os to wipe or otherwise obfuscate the deleted files on the USB? I can add your suggestion to the source code before we ship the USB (and test it of course).

Thanks

Hi there
We are an MSP and cloud host. We would like to buy (or use) a web filter that we can provision in the cloud and offer to our clients to use as a web proxy (if that's the best way, perhaps) and be able to filter out objectionable content (with a warning issued to the end user and the attempt logged and later reported upon to management).
The way I see it:
INTERNET  <----> cloud web filter/proxy <-----> client's browsers forced to use the proxy
Importantly, the filter needs to be in the cloud (with a public IP) and NOT on the clients' premises.
Ideally I would like to use an existing supported solution, either open source or paid, rather than roll my own from a Linux distro. I was thinking Untangle, SquidGuard, SafeSquid. I don't know if they can do it, or others.
Any ideas?
Thanks
Michael

I have a NAS disk mounted as an NFS mount point in Linux. How do I create a dd image of this? The mount point is like this:
tor01-nas.llg:/export/shared/ps_oem   nfs     2G  9.9K  2G    1% /oem1

I have included the script. This is a new install, but the access_log is real and has values in it. This script works on another instance without any problems. The script reads the access log and counts how many times an IP hits the instance during a given time period. It then sorts based on the highest hits at the top of the report via ssh.

Here is the message when it is run:
[root@ip-172-31-31-103 html]# ./modified_gawk.sh "26 Dec 2016" 06:00:00 "28 Dec 2016" 22:00:00
Examining from Mon Dec 26 06:00:00 UTC 2016 (1482732000)
            to Wed Dec 28 22:00:00 UTC 2016 (1482962400)

Processing /var/log/httpd/access_log-20161127 file

This is an excerpt of the log file:
77.75.79.72 - - [28/Dec/2016:22:00:41 +0000] "GET /robots.txt HTTP/1.1" 500 4596 "-" "Mozilla/5.0 (compatible; SeznamBot/3.2; +http://napoveda.seznam.cz/en/seznambot-intro/)"
77.75.79.72 - - [28/Dec/2016:22:00:41 +0000] "GET /category/vce/images/vce/20081117-fungusgnat.jpg HTTP/1.1" 500 4596 "-" "Mozilla/5.0 (compatible; SeznamBot/3.2; +http://napoveda.seznam.cz/en/seznambot-intro/)"
77.75.79.72 - - [28/Dec/2016:22:00:42 +0000] "GET /wp-content/uploads/wpcf7_captcha/1575611804.png HTTP/1.1" 500 4596 "-" "Mozilla/5.0 (compatible; SeznamBot/3.2; +http://napoveda.seznam.cz/en/seznambot-intro/)"
77.75.79.72 - - [28/Dec/2016:22:00:44 +0000] "GET /about/ HTTP/1.1" 500 4596 "-" "Mozilla/5.0 (compatible; SeznamBot/3.2; +http://napoveda.seznam.cz/en/seznambot-intro/)"
52.3.127.144 - - 

Hi,

I have been trying to set up an openLDAP (2.44) search/auth-proxy to a Windows 2012 R2 AD server on and off for a month now with no apparent success.

Third-party applications need to search (verify) users against an LDAP connection in the DMZ (apps like Proofpoint, etc.).

Does anyone have a good step-by-step guide for a newbie, or an OVA or similar?
(openLDAP 2.44 is not using slapd.conf, and all guides are still using that way of config...)

PS: I prefer it on a Debian-based OS... :-)

I keep getting this error every time I add a password to a user.

[root@ip-172-31-31-103 html]# adduser ftpd2
[root@ip-172-31-31-103 html]# passwd 78AH832446X8e26W
passwd: Unknown user name '78AH832446X8e26W'.
[root@ip-172-31-31-103 html]# useradd -d /ftp/ftpd3 ftpd3
useradd: cannot create directory /ftp/ftpd3
[root@ip-172-31-31-103 html]# mkdir /ftp
[root@ip-172-31-31-103 html]# useradd -d /ftp/ftpd3 ftpd3
[root@ip-172-31-31-103 html]# passwd ^C
[root@ip-172-31-31-103 html]# passwd 78AH832446X8e26W
passwd: Unknown user name '78AH832446X8e26W'.
[root@ip-172-31-31-103 html]# useradd -d /ftp/ftpd4 ftpd4
[root@ip-172-31-31-103 html]# passwd RqQA64F5uQQR2AHs
passwd: Unknown user name 'RqQA64F5uQQR2AHs'.
[root@ip-172-31-31-103 html]# useradd -c 'FTP USER ftpd5' -m ftpd5
[root@ip-172-31-31-103 html]# passwd RqQA64F5uQQR2AHs
passwd: Unknown user name 'RqQA64F5uQQR2AHs'.

What is the syntax to test if a certain IP is included in a country block in an ipset on a CentOS 6 server?

Hi guys.

We are building a certain system where the user registers on the website and the same user has to be created at the OS level.
The web registration form automatically hashes the password using MD5. The parameters are then passed to a JSON file.
I can get the password field using jq. I'm wondering, however, if there's a way to create the user in the system while passing the MD5-hashed password and not the clear-text one.

Hi, I am running a mail server on CentOS 7 Linux. The default permission of /var/log/maillog is not world-readable; I want to make it readable to others.

In rsyslog.conf, I added the following 2 umask lines to make /var/log/messages and maillog world-readable.
The result is that messages is world-readable, but maillog is not. Any idea how to make it work? Thanks!!

-rw-r-----.  1 root   root    145145 Dec 13 09:48 maillog
-rw-r--r--.  1 root   root    284227 Dec 13 09:51 messages

Rsyslog.conf:

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*
$umask 0022 # make log worldwide readable

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

$umask 0077  # Reset the umask so /var/log/secure stays 600

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          …

I am having a hard time trying to add a machine running Arch Linux to the domain. Somehow I managed to sort of make the machine join the domain, but when it comes to the authentication part the computer won't recognize the credentials. Has anyone had luck doing this? If so, can someone please help with the proper commands to make this work? I have been dealing with this issue for a week now and I'm getting really frustrated. Bottom line: if there's an easier way to make this machine join the domain and authenticate properly, that would be fantastic.

Many thanks in advance to anyone out there with the answer!

What's the difference? Can I use liboauth-php instead of oauth-1.2.3?
liboauth is installed, but not working.
I'm using Debian Wheezy.

Please tell me what this error means.

ModSecurity: Output filter: Content-Length (1809203) over the limit (524288). [hostname "www.theherbsplace.com"] [uri "/ATNblog/atom.xml"] [unique_id "WC2oe6wfFuwAAGVI1ioAAAAA"]

This is the complete error.

I have mod_security in httpd.conf commented out.  

#<IfModule security2_module>
 #   Include crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
  #  Include crs/owasp-modsecurity-crs/base_rules/*.conf
#</IfModule>

Ultimately, I want it disabled. So is there a better way to disable it?

CentOS 7. A user is no longer able to access their home dir. The secure log shows: fatal: bad ownership or modes for chroot directory "/home/username" [postauth]. Root owns /home, the user owns /home/username. Permissions are currently 755. What am I missing?

The version of Linux Ubuntu is:

Linux version 4.4.0-38-generic (buildd@lgw01-22) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #57~14.04.1-Ubuntu SMP Tue Sep 6 17:20:43 UTC 2016

After booting with the LiveCD in rescue mode, /dev/sda is present, and the /dev/sda1 and /dev/sda5 partitions are valid. /etc/fstab is valid. GRUB rewritten.

Boots with GRUB, and then later...

(attached screenshot: Ubuntu.jpg)

This is the version of Linux Ubuntu 14.04.03:

Linux version 4.4.0-38-generic (buildd@lgw01-22) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #57~14.04.1-Ubuntu SMP Tue Sep 6 17:20:43 UTC 2016

The issue: after trying to log in via the default Ubuntu GUI, it loops back to the GUI again. (Originally you could not type anything via the keyboard; this has been resolved.)

Login via SSH and Console prompt are working fine.