Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

HI Experts,
I know how to write php script from the command line in ubuntu.I do nano test.php.

I have downloaded Bluefish editor successfully and wrote a test program.I tried to save it in /opt/lampp/htdocs.But it is not being saved on it.When I tried to run it on localhost ,it gives error.and when I try to run it from the bluefish editor,the url looks like this which is ofcorse not correct.
file:///opt/lampp/htdocs/test2.php   INstead of http://localhost/test2.php.

PLease help,
Thanks.
0
I've been using vi -x forever to encrypt files.  I was reminded the encryption with this is not so hot.  It's just soo convenient.  What would be a more secure method of encrypting when using vi and just as easy?  Thanks.
0
Hi,

1) I have a linux Ubuntu 10.04.3 workstation
2) It gets the IP address from DHCP server
3) I am installing a Lotus Notes' program; but this is nothing to do with the lotus notes
4) I am confused with one of the linux command as specified in step # 3
5) To install the above program, i follow this reference:
http://blog.turabdin.nl/2010/08/install-ibm-lotus-notes-8-5-2-on-ubuntu-10-04-64-bits/

6) The summary is as the followings:
Step 1: First install the dependencies:
sudo aptitude install libgnomeprint2.2-0 libgnomeprintui2.2-0

Note: I follow this command; and it is executed successfully (I do not have error message)

Step2: After that install the DEBs with –force-architecture switch. No need to force everything.
sudo dpkg -i --force-architecture ibm-lotus-notes-8.5.2.i586.deb

Note: As I put the "ibm-lotus-notes-8.5.2.i586.deb in the Desktop; I modify a little bit the above command; It is executed like this:
sudo dpkg -i --force-architecture Desktop/ibm-lotus-notes-8.5.2.i586.deb
The Result: It is good; it is also executed successfully (I do not have error message)

Step3: That’s it, start the client running.
/opt/ibm/lotus/notes/framework/../notes

Note:
- This is the command that I get confused!!!
-What command is it?
- Is it Change Directory ("CD") or what?
- Is it a statement " /opt/ibm/lotus/notes/framework/../notes " or what?

- If I am at [root@localhost init.d]#, and i type in: ./network restart (I know that I ask the network…
0
how to install putty on ubuntu/Windows and connection thru ssh
0
Hi all
Im on RHEL Linux 2.6.18

how do you install Tomcat over top of Apache ?

isnt there some sort of connector or something ?
what all do I need for https ?

how do you tell if all thats working ? even though I have tomcat7, apache httpd many modules and things all installed, I still cannot get everything to work right .. I must be missing something since Im all by my lonesome on this. any insight is much appreciated.

If I do the JK connector when I try a ./configure I then get I first need apsx ??!?! whats that ? Im lost please help
0
Hi,

1) I have a linux Ubuntu 10.04.3 workstation
2) I am now at terminal --> jwhite@Ubuntu-10:~$
3) I type in: cd AAA/BBB/CCC/DDD/PPP/RRR
-The outcome: I NOW be at jwhite@Ubuntu-10:~/AAA/BBB/CCC/DDD/PPP/RRR$
4) My goal: I want to be at jwhite@Ubuntu-10:~/AAA/BBB/CCC/DDD/PPP$

5) My question: What command or Tools should I use? (Note: I try to type in " cd ", but it brings me to jwhite@Ubuntu-10:~S)

6) Thank you

tjie
0
I'm looking for some suggestions on what a good software solution for logging all activities on my actual server. (Not the website, altho there may be some cross over).  Essentially I want to be able to more easily track what any one person is doing specifically on the server and become aware when someone accesses it.  (in real time preferably).  Is there any good software solution that will notify me of when someone is in the shell.   I'm not sure if I'm asking the question 100% correctly but I just want to improve the overall logging / security of my web server.
0
Hey Guys!

I need to keep ownership of new files or directories created by any user.

Example:
I have:
drwxr-xr-x 2 apache apache 1 Sep 19 11:17 /var/www/htdocs/website/

So, I need that when any user creates a new file or directory that inherit owner and group.

The group I resolved by setting sgid, so the group is inherit but the OWNER I dont know.

I do not like to create a shellscript and run it every 5 minutes thru crontad. It's a poor solution...

Some hint?
0
Experts,

I use APF firewall and am able to add my forwarding rules to /etc/apf/preroute.rules and /etc/postroute.rules

My rules are set as follows:

preroute:

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0:0 -j DNAT --to-destination x.x.x.x:port

postroute:

$IPT -t nat -A POSTROUTING -j MASQUERADE

If I change -i eth0:0 to -i eth0 this works. If I keep this as eth0:0, it fails. I want it to work for the virtual interface eth0:0 - is this because I need to add routing tables for the virtual interfaces? Or a more complex iptables expression?

Thanks for any help!

0
Hi,

1) I have a Linux workstation Ubuntu 10.04.3 in the production environment
2)This machine gets the IP address from DHCP server, and gets good connection per Intranet and Internet

3) My question: When I am at Command Line; what COMMAND should I relaunch to go to GUI?

4) Thank you

tjie
0
Hi,

1) I have a linux Ubuntu workstation in the production environment

2) I am used to with the Microsoft windows Environment
- There is a network share --> \\Boba\IS_Dept\Software\Lotus_Notes

3) To connect to the above Network share (in windows Environment); i will do the followings:
- Go to "Run"
- Then, type in: \\Boba\IS_Dept\Software\Lotus_Notes
- It will prompt me to the Lotus_Notes' folder, and I can select the which version of the lotus notes client that i can install (either for Window or Linux or Mac)

4) Now, I am at the above Linux Ubuntu Workstation; and I want to install the Lotus Notes' client for Linux; I have to map to ---> \\Boba\IS_Dept\Software\Lotus_Notes

5)My questions: How to do it? Where is the "Run" command at Linux Workstation Ubuntu 10.04.3?

6) Thanks

tjie
0
Hi,

1) This UAC tools at Windows Vista and 7 are very annoying.
2)I have a linux Ubuntu (10.04.3) workstation in production environment
- It gets the IP address from DHCP server
- It can connect to intranet and internet well
3) This linux machine is also having the capability similar to UAC --> always prompting to password
4) Per help of EE's experts, i get to know that we can "DISABLE" this UAC tool by editing the file at /etc/sudoers
5) I did editing this file as the followings
- open terminal
-switch to root --> use "sudo -s"
-edit the file with gedit --> gedit /etc/sudoers
-The editing is:
   * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL
-then SAVE and EXIT
6) After doing the above, I want to TEST (whether this UAC tool has been DISABLED); I do the followings
-open terminal
- I type in: sudo -s --> it did not ask me the password, and it change to the "root"
- I am back to the "user" (not root), and type in: sudo gedit /etc/hostname --> the hostname window appear, and the system did not ask me for a password
- I am back to the "user" (not root), and type in: sudo ifconfig eth0 down --> and it did not ask me for a password (When I check, the IP address is gone; it is only 127.0.0.1; so the command is working)
- I type in --> sudo ifconfig eth0 up (and the IP address appears again; and it did not also asking for password)

7) I need the Confirmation from Experts please
8) Per my understanding, …
0
Hi,

1) There is  a linux workstation Ubuntu 10.04.3 in the production environment
-It gets the IP from DHCP server
-It can connect well to intranet and internet
2) The client of this workstation is annoyed with UAC (User Acces Control) which always Prompting with password of the root
3) Per reference from one of EE's experts; the article says like the followings:
-Open terminal
-Sudo visudo
-Find the line that says
   %admin ALL=(ALL) ALL
-and change it to
   %admin ALL=(ALL) NOPASSWD: ALL
-Save and exit the file

4) The things that I do in my ubuntu 10.04.3
- I open the terminal
- I am at --> Jack@Ubuntu-10:~$
-I switch to root --> sudo -s
- Now, I am at --> root@ubuntu-10:~#
- Then, I type in --> sudo visudo
- It opens the nano's windows like this:

GNU  nano  2.2.2   File: /etc/sudoers.tmp
# /etc/sudoers
#
#This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file
#
Defaults    env_reset
# Host alias specification
#User alias specification
#Cmnd alias specification
# User privilege specification
root      ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have

5) The editing that i do:
- I edit     ALL=(ALL) ALL and change it to ALL=(ALL) NOPASSWD: ALL
- Now , I have to SAVE and EXIT ---> (this is my problem; what is the command to save and to exit in nano?)

6) My questions: What is the command to SAVE and to EXIT in this nano …
0
Hi,

1) I have setup the Ubuntu workstation (version 10.04.3) in the production environment

2) When installing the Ubuntu, I specify the followings:
- User is "jwhite"
- password is "Boba"

3) I gave the computer to Jwhite
- jwhite was annoyed .....many times he has to "key in" the password

4) I believe that we can select something like "prompting the password" or "no prompting the password" during the installation
- Now, it is late (the installation has been completed)
- But, i believe we still be able to select "No prompting the password"

5) My question: Would somebody show me how to select "Not prompting the password at all" per GUI and per Command line?

6) Thanks

tjie

0
1) This is a Linux Ubuntu (version 10.04.3) workstation in the Enterprise environment
2) This machines
- getting the IP address from DHCP server
- LAN and internet work well in this machine

3) Problem:

i) My linux machine will periodically "crash" out of the Ubuntu GUI with a message about the screen resolution being set to low ....
ii) Then, I get another box that asks me what I want to do .....
iii) Two of the boxes, I have checked and led me back to the command line, and I have to login again.
iv) One of the boxes, I have checked printed out some status/technical text then either kept churning away or froze, but never gave me back a command line ...


4) I am a windows guy, and I need help from Linux Experts please

5) The GOAL: I often will leave a system running for days as I work on various tasks.

6) How to solve this problem?

7) Thank you

tjie
0
1) This is a Linux Ubuntu (version 10.04.3) workstation in the Enterprise environment
2) This machines
- getting the IP address from DHCP server
- LAN and internet work well in this machine

3) Problem: This machine periodically "Crash" out of the Ubuntu GUI with a message about the Screen Resolution is set too low

4) I am a windows guy, and I need the confirmation (or 2nd opinion) from Experts

5) My Proposed Solution:
- I am using the GUI
-I go to System>Preferences>Monitor
- The current resolution : 800 X 600
- I select and change it to 1024 x 768
- I click Apply

6) My question:
- I am logging in as Jack
- And now I am at Jack@Ubuntu-10:~$
- If I execute #5, Everytime Jack logins, he will get the resolution of 1024X768 in his monitor, right?
- Experts: Please confirm Yes or No
- If NO, how to make it the resolution 1024 x 768 PERMANENT for Jack

7) Thanks

tjie
0
Hi,

1) This is a Linux Ubuntu (version 10.04.3) workstation in the Enterprise environment
2) This machines
- getting the IP address from DHCP server
- LAN and internet work well in this machine

3) Problem: This machine periodically "Crash" out of the Ubuntu GUI with a message about the Screen Resolution is set too low

4) How to solve this problem?

5) Thank you

tjie
0
Hi,

1) I am a Windows guy
- For Example: When I have a Windows XP workstation
- I want to know how much RAM (or memory) in this machine
- I will "right-click" my computer, Select Properties; and under the general tab, I will see the RAM

2)I now have a Linux Workstation (Ubuntu 10.04.3)
- I want to know how much RAM in this machine

3) The Goal: To find out (per GUI) how much RAM that this Ubuntu linux workstation has?

4) Would you somebody show me the PATH (to achieve the goal in # 3)?

5) Thanks

tjie
0
Is it generally OK to simply run "yum update" to update all packages on a linux machine? There are very many available and I want to be sure that any and all updates in regards to security are applied.
0
Hello everyone,

For the past two days I've been looking into how to set up iptables for a linux machine that acts as a web server, processes email, and also needs FTP and SSH access. I'm wondering if what I have put together to set iptables is enough, and/or, going to impede the server's functions at all. It's a basic LAMP setup. I'm also wondering if the order of the rules is basically correct.

I think it's close, but my main concerns are PHP, MySQL, email and FTP running. Do PHP and MySQL communicate on the localhost level, or do other ports (3306) need to be added? Is there anything I've overlooked that should also be added?
Is sendmail in the INPUT necessary? (I couldn't figure that one out)

Putting together and editing from several resources online, this is what I've come up with:

#!/bin/bash
#
# iptables example configuration script
#
# Flush all current rules from iptables
#
 iptables -F
#
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
 iptables -A INPUT -s 12.34.56.78 -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -s 98.76.54.0/24 -p tcp --dport 22 -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
 iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
 iptables -A INPUT -m 

Open in new window

0
Hi,

I'm trying to install a patched (for GNS3) version of qemu-0.14.1 using checkinstall, and getting the following:

$ sudo yum --nogpgcheck localinstall /root/rpmbuild/RPMS/x86_64/qemu-0.14.1-1.x86_64.rpm
Loaded plugins: refresh-packagekit
Setting up Local Package Process
Examining /root/rpmbuild/RPMS/x86_64/qemu-0.14.1-1.x86_64.rpm: qemu-0.14.1-1.x86_64
Marking /root/rpmbuild/RPMS/x86_64/qemu-0.14.1-1.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package qemu.x86_64 0:0.14.1-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================================================
Package                               Arch                                    Version                                     Repository                                              Size
========================================================================================================================================================================================
Installing:
qemu                                  x86_64                                  0.14.1-1                                    /qemu-0.14.1-1.x86_64                                   86 M

Transaction Summary

Open in new window

0
yesterday I went to ssh into my web server like a normal day when it said my root password was invalid. I logged in with another account with no problem but still couldn't get root access. I checked the logs and saw a new account was created with root privileges and my root password was changed both from an IP based in Asia. I'm the only one with access to my dedicated server and I'm in the US.

I called my hosting company and had them reset the server and root password. I logged in deleted that new account, limited ssh access to only my one limited user account, changed passwords for that account and a different one for root, changed the port ssh runs on, setup iptables to block all connections except on port 80 (http), 443 (https) and the new port I set for ssh. I thought to myself that now it's completely secure. except today I login and find all my logs are deleted, a new account is created again with root access and my iptables rules have been cleared. I did everything again but no doubt the hacker will be back in soon.

what should I do? I'm at a loss. I'm in progress of copying all my valuable files off my server to do a fresh install and start over. my websites average over 150K pageviews per day so I don't want to go offline if possible. How can I find how he's getting in? please help. not sure what to do here.

I run Cent OS linux and apache.
0
Hi,

On Red Hat Enterprise Linux Server release 5.4 (Tikanga),
I am trying to create a script that will automatically install software on a remote server.
I have it's root password and there are no security issues.
When I run the ssh/scp commands I get the question in the title.
I am looking for a way to automatically acknowledge this question

My code looks somthing like this:

ssh-keygen -R ${DG_NODE}
rm -rf  ~root/.ssh/id_rsa*                                            
alias scp='scp -o StrictHostKeyChecking=no -o BatchMode=yes '
ssh-keygen -q -t rsa -f aaa -N "" -f ~root/.ssh/id_rsa
scp ~root/.ssh/id_rsa.pub root@${DG_NODE}:~root/.ssh/authorized_keys

Using the -o UserKnownHostsFile=/dev/null  option did not help as well.
Thanks
0
How to distinguish between physical (dedicated) server from VPS or cloud?

Which utility can give me such information? Or maybe system call and so on?
0
Hi i am trying to build an apache cluster with LB. Any articles would be appreciated.
0

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Top Experts In
Linux Security
<
Monthly
>