Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Hi,

How to teach WinSCP to remember the password? Entering the password every time is a pain for me. Please advise.
0
I'm having a small issue with a recently provisioned Debian 9.1 VM (from an online hosting company).

When deploying the VM I am provided with Key-Based Authentication for the machine. Those work fine (with the new "debian" super user, root not being anymore active by default) but I'd like to be able to use user / pass too (if nothing else for console access).

How do I set my password ? I tried
passwd debian

but I am prompted for the "old" password which I don't know...

Also - even if it is not best practice - can I activate the root user ?
0
Hello ,

I have a problem with interfaces on a multihomed topology. My interfaces cannot ping each other and cannot ping themselves either.
The sysctl settings are given below.

But it is able to ping the interface IP when I directly write ping 37.123.98.142. If both interfaces are not able to ping this interface's IP, how does it ping it, or from where?

I have to let them have access to each other. How should I do it?

Note: loopback interface activated
Note2: em interfaces are all down

[root@spd network-scripts]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.p1p1.rp_filter = 2
net.ipv4.conf.p1p2.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 2
net.ipv4.conf.p1p1.accept_local = 1
net.ipv4.conf.p1p2.accept_local = 1
net.ipv4.conf.all.accept_local = 1
net.ipv4.conf.default.accept_local = 1
net.ipv4.conf.lo.accept_local = 1
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.p1p2.arp_filter = 0
net.ipv4.conf.p1p1.arp_filter = 0
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.p1p1.arp_announce = 2
net.ipv4.conf.p1p2.arp_announce = 2

PING 37.123.98.142 (37.123.98.142) from 37.123.98.142 p1p1: 56(84) bytes of data.

^C
--- 37.123.98.142 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2055ms

[root@spd network-scripts]# ping -I p1p1 37.123.98.138
PING 37.123.98.138 (37.123.98.138) from 37.123.98.142 p1p1: 56(84) bytes of data.

^C
--- 37.123.98.138 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3064ms

[root@spd network-scripts]# ping -I p1p2 37.123.98.138
PING 37.123.98.138 (37.123.98.138) from 37.123.98.138 p1p2: 56(84) bytes of data.

^C
--- 37.123.98.138 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1038ms

[root@spd network-scripts]# ping -I p1p2 37.123.98.142
PING 37.123.98.142 (37.123.98.142) from 37.123.98.138 p1p2: 56(84) bytes of data.

^C
--- 37.123.98.142 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2060ms

[root@spd network-scripts]# ping 37.123.98.142
PING 37.123.98.142 (37.123.98.142) 56(84) bytes of data.
64 bytes from 37.123.98.142: icmp_seq=1 ttl=64 time=0.019 ms
64 bytes from 37.123.98.142: icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from 37.123.98.142: icmp_seq=3 ttl=64 time=0.017 ms
64 bytes from 37.123.98.142: icmp_seq=4 ttl=64 time=0.015 ms

0
What is the meaning of root?
Why do I have to go to root? What can I do from root, what can I not do from root, and what can I do using my user?
How does Unix allow logging in as a different user, say John, when I am logged in as, say, xyz?

Any online links or free video tutorials explaining all these concepts? And how to practice? Please advise.
0
Hello ,


Does anybody know the meaning of these numbers in the iptables config file:

*raw
:PREROUTING ACCEPT [1318098:74794423]
:OUTPUT ACCEPT [2065:1143634]

0
Hello ,

When we add these rules for forwarded traffic, it drops all packets as invalid. There is no notrack rule on the server, so why does it see the forwarded traffic as invalid?


#-A FORWARD -p tcp -m conntrack --ctstate INVALID -j DROP
#-A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

0
Hello ,

We are facing some kind of attack, as given below. I have also attached the pcap file.

The important things are:
  1. IP addresses are spoofed with our country's ISP IP addresses
  2. The TTL has also been spoofed, and the TTL values are in the range of the IP address owners - you should find and edit the same DDoS on GitHub with the name VSE
  3. The data is a copy of a real packet used on this protocol for Counter-Strike
  4. The destination port is also Counter-Strike's port
  5. Checksums are correctly generated

How should I block this kind of attack without blocking the real users?



Protokol :17  Source IP :85.104.15.177  Source Port :58061  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :9777  Data :FFFFFFFF71636F6E6E6563743078304135423333304500  
Protokol :17  Source IP :95.13.27.190  Source Port :55271  Destination IP :213.238.166.2  Destination Port :27015  TTL :111  Paket Boyutu :51  Checksum :64648  Data :FFFFFFFF71636F6E6E6563743078303044414236313000  
Protokol :17  Source IP :88.238.142.125  Source Port :55150  Destination IP :213.238.166.2  Destination Port :27015  TTL :105  Paket Boyutu :51  Checksum :37970  Data :FFFFFFFF71636F6E6E6563743078304138383935423800  
Protokol :17  Source IP :85.103.139.224  Source Port :52054  Destination IP :213.238.166.2  Destination Port :27015  TTL :108  Paket Boyutu :51  Checksum :49529  Data 

0
Hello ,

Is there any possible way to drop bogus packets as seen below?

For these packets, the packet payload is smaller than the length of the packet.

 Screen-Shot-2017-08-23-at-22.22.46.png
0
Hi,

I have a user called xyz. Under that folder there is a folder called test, and under that there are folders called abc, def, hij, etc.

I want to search in all the above folders and subfolders for a particular keyword, say "nullpointerexception". How to do that?
Please advise.
0
hi,

I have now set up the first MySQL 5.7.19 and created a user to access it from a remote machine.

How can I grant full rights on everything to this user? I tried this:

GRANT usage  on *.* TO xyz@localhost;

what I got is :

ERROR 1133 (42000): Can't find any matching row in the user table


GRANT ALL PRIVILEGES on *.* TO xyz@localhost;

and I got :

ERROR 1133 (42000): Can't find any matching row in the user table


the same message,

how can I solve it?
0
hi,

WinSCP: how to sudo as admin?
I am currently logged in as my user, say xyz, but I am not able to delete a particular folder/directory. I have to log in or sudo as an admin user, say rrr, to do that. How to sudo in WinSCP to the rrr user? Please advise.
0
Hi,

WinSCP: how to compare 2 different Unix users, say xyz and abc, by opening xyz on the left-hand side and abc on the right-hand side? As of now, on the left-hand side I am able to open my Windows laptop folder structure, like the C drive, etc., and on the right-hand side I am able to open one Unix user, like abc or xyz. Please advise.
0
I'll need a shell script that scans through the creation dates of all patches (ideally only the security ones, but if this is not possible, then all patches) installed on a RHEL 7 server, gets the latest one, computes the difference from today's date and gives the difference in number of days, and if the difference is more than 90 days, echoes out a message, "It has been more than 90 days since last patch".

The purpose is to check the last patch date and remind Linux admins. I believe RHEL releases patches at least every 3 months?
0
hi

On the Unix box there are various users like xyz, abc, etc.

It looks like the server is running out of disk space and I need to clean up.

How to know how much space user xyz is occupying and how much space user abc is occupying? Please advise.
0
I have a few questions about selecting the place where a drop policy is applied.

1. Which one applies the drop rule first?
2. iptables and nftables are user space appliances, but I do not know deeper: do they work in kernel space and pipe the requests from user space, or do they work completely after kernel space?
3. Is there any possibility to drop a packet before any kernel space module? I tried with netfilter and dropped an IP xx.xx.xx.xx, and I realized that tcpdump is still reading the traffic but iptables is not. So the traffic is still passing to kernel space on netfilter.
0
I am in a particular folder, say abc.

I did ls -ltr, and there are a bunch of files.

I want to search for all the files with names starting with xyz alone, ignoring others starting with pqr, etc. (ignore pqr000.log.20170806.gz, etc.).
My search should give a result like

xyz123.log.20170806.gz
xyz456.log.20170806.gz
xyz789.log.20170806.gz etc



What is the command I have to use for that?

Is it grep or find or something else?

When I gave grep xyz.* it did not give any result.

How is searching inside file content different from searching on Unix file names?

Any good links on these commands? Please advise.
0
I haven't worked on SUSE for a long time. Can someone explain to me the process of patching in SUSE? I want to update the bash package.

I need some steps as well. I would appreciate it.

I want to cover this:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
0
Hi,

In Unix, using vi, how do I copy and paste from one file, say abc.ccfg, to xyz.ccfg?

In Windows I simply select all in abc.ccfg, then press Control-C, then go to xyz.ccfg and press Control-V.

That's all I have to do.

The vi editor is something I hate.

It is not at all user friendly.

Even moving the cursor is a big thing there.

Any good shortcuts, tips and links on using vi?
0
When I cannot stop the WebLogic server, my friend gave me the commands below.



ps -ef | grep ggg3rrr

What does the above command give as a result?
kill -9 43856
What is -9 and what is 43856 in the above kill command?

Please advise.
0
Hi,

I have xyz.ccfg under my WebLogic server.

I logged in to the Unix WebLogic server box.
How do I search for the above file name 'xyz.ccfg' to find its exact location, like

abc/home/user1/......

I am not sure exactly where it is.


Please advise.
0
I am running a ProFTPD server on my system. When I use the FileZilla FTP client, I get the following error when I try to access the files on my server. What is causing this error? See the attached file for an exact screenshot of the issue.
ftpd-error-message.PNG
0
The issue is as follows. I am running a CentOS 7 server with a PHP Plesk Panel 12.5 running my subscribers and their sites. I just recently installed the iPad site builder module and the site builder module to test each as a potential site building solution for my clients. After I installed both, I was forwarded to a third-party website where the actual website is created for each client. After the site is created, on their site I have the option to publish it to a domain on my server. At 50% install I get the following error: fsockopen failed No route to host (113). The same thing happens when I use the site builder module as well. I am running ProFTPD on the system, so I do have an FTP server running. What I need to find out is how to resolve this issue. I am sending you a screenshot of us running FileZilla as FTP on port 21, where I get the following error. I know this is a minor issue; I just need help narrowing down the cause or misconfiguration.

My firewall and router are open for port 21.
ftpd-error-message.PNG
0
I had installed Apache SVN on Ubuntu 16, in which I am trying to put access-based restrictions on different paths by AuthzSVNAccessFile for the /svn/net location.
Here I am facing an issue: for [/] the groups are getting restricted, but apart from this location no path is getting restricted, in spite of trying multiple combinations in the access file.

Server.conf
<Location /svn>
  DAV svn
  SVNParentPath /svn/repos/
  AuthzSVNAccessFile /etc/svn_serve.conf
  AuthType Basic
  AuthName "MITS"
  AuthUserFile /etc/svnpasswd
  Require valid-user
 </Location>

Access file

[groups]
admins=svnnet
designers=designer1
[/]
@admins=r
[/svn/net]
@designers=r
@admins=rw
0
The error I get when I use port 21. I have this FTP daemon installed on my server for FTP access: psa-proftpd      1.3.5b-cos7.build1205160427.18. I am running CentOS 7 with a Plesk 12.5 control panel. Each time I try to access port 21 with a valid user name and password, I get an error. I have a screenshot of the error as an attachment to this question. I have never set up the FTP daemon; it was installed when Plesk was installed. I need help understanding whether I need to make some manual changes to the config file of this daemon. I have firewalld and a router running, and both allow port 21 access to the real world. What can be the problem here? Please help. I even checked to see if the port is open from the web, and it is. I am sure this issue is not hard, I am just a bit stuck at this point.
0
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
**********************************************************************
yum can be configured to try to resolve such errors by temporarily enabling
disabled repos and searching for missing dependencies.
To enable this functionality please set 'notify_only=0' in /etc/yum/pluginconf.d/search-disabled-repos.conf
**********************************************************************

--> Running transaction check
---> Package R-core-devel.x86_64 0:3.4.0-2.el6 will be an update
--> Processing Dependency: libicu-devel for package: R-core-devel-3.4.0-2.el6.x86_64
---> Package kernel.x86_64 0:2.6.32-642.11.1.el6 will be erased
--> Finished Dependency Resolution
Error: Package: R-core-devel-3.4.0-2.el6.x86_64
           Requires: libicu-devel
 You could try using --skip-broken to work around the problem
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
tomcat6-admin-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
tomcat6-webapps-6.0.24-98.el6_8.noarch has missing requires of tomcat6 = ('0', '6.0.24', '98.el6_8')
0
