Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Share tech news, updates, or what's on your mind.

Sign up to Post

1. How to resolve issue below?

[code][root@28-218-217-172-on-nets home]# chown -R smb01 ~/home/share
chown: cannot access ‘/root/home/share’: No such file or directory
[root@28-218-217-172-on-nets home]#

Open in new window

I want to grant write permission to user smb01.

2. Is "ls -l" enough to list out all rights of user smb01 on folder /home/share? Is there any other command?
Exploring ASP.NET Core: Fundamentals
LVL 13
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

What to adjust, due to the error below?

[smb01@28-218-217-172-on-nets samba]$ cp smb_c.conf /home/share
cp: cannot create regular file ‘/home/share/smb_c.conf’: Permission denied
[smb01@28-218-217-172-on-nets samba]$ 

Open in new window

i have active directory on ubuntu. i try to change password from ubuntu.
it failed: passwd: Authentication token manipulation error
passwd: password unchanged
i try to reboot still the same i try
sudo mount -o remount,rw /  same problem
my shadow file under /etc has 0640 as permission
rewrite of pam-auth-update not help so much.
i have an ubuntu 16.04. server is join to samba active directory. i can see all users via wbinfo -u.
User can't login to server. i can see on /var/log/auth :
 Failed to mount per-user tmpfs directory
pam_systemd(su:session): Failed to create session: Invalid argument

it's look like users can't create tmpfs directory under /run/user
i can create directory for each user on my /etc/fstab but this is not a solution.
i install libpam-tmpdir (via sudo install ...) but it's not working.
any idea how to solve this issue
unable to access web site. port 80 still blocked

[root@logserver log]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I am thinking about pointing Ansible to my local repository for updates. How do I accomplish the task? And more importantly, is pointing Ansible to local repository the right way to design Ansible patching architect?
Here is my log rotation configuration file.

# Configuration file for logrotate of clear applicaion log files.
    rotate 5
    olddir /tmp/app/archive


logrotate -dv /tmp/user/test.conf

I have bunch of log files inside /tmp/user/logs.

these are dates for those log files

May 30
May 22
May 13
May 9
May 7

when i ran dry test, i don't see its working.  it does not even compress.
[root@localhost ~]#
[root@localhost ~]# yum update kernel-2.6.32-754.9.1
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
 * base:
 * extras:
 * updates:
No Match for argument: kernel-2.6.32-754.9.1
No package kernel-2.6.32-754.9.1 available.
No Packages marked for Update
[root@localhost ~]# yum list all | grep kernel
dracut-kernel.noarch                       004-411.el6                   @anaconda-CentOS-201806291108.x86_64/6.10
kernel.x86_64                              2.6.32-754.el6                @anaconda-CentOS-201806291108.x86_64/6.10
kernel-firmware.noarch                     2.6.32-754.el6                @anaconda-CentOS-201806291108.x86_64/6.10
abrt-addon-kerneloops.x86_64               2.0.8-44.el6.centos           base
kernel.x86_64                              2.6.32-754.14.2.el6           updates
kernel-abi-whitelists.noarch               2.6.32-754.14.2.el6           updates
kernel-debug.x86_64                        2.6.32-754.14.2.el6           updates
kernel-debug-devel.i686                    2.6.32-754.14.2.el6           updates
kernel-debug-devel.x86_64                  2.6.32-754.14.2.el6           updates
kernel-devel.x86_64                        2.6.32-754.14.2.el6           updates
kernel-doc.noarch                          2.6.32-754.14.2.el6           updates
kernel-firmware.noarch                     …
Hi Expert

I have issues using SSH to log into the Linux server (Distribution 7.5 RHEL). I am able to log into the server physically.

I have did some researched it was due to "PAM" , not sure is it related to the following article, How to Restrict root Access to SSH Service Via PAM

As an example, we will configure how to use PAM to disable root user access to a system via SSH and login programs. Here, we want to disable root user access to a system, by restricting access to login and sshd services.

We can use the /lib/security/ module which offers great flexibility in limiting the privileges of specific accounts. Open and edit the file for the target service in the /etc/pam.d/ directory.

Reference link show in the following;
Hi team ,

My CentOS7.6 server is rebooted suddenly , we check the logs and not observed any abnormality .
Kindly help us to find the user or why server rebooted suddenly and help to find out same.

Kindly update me if any logs require.

Become a Certified Penetration Testing Engineer
LVL 13
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

I need to grant a user SUDO rights to change OTHER people's passwords.  I know SUDOERS can be more specific, but I've not been able to decipher the syntax.

Can someone help out?  What would my line the sudoers file be to allow passwd to be run and ONLY passwd as root?

I'll accept other ideas but keep in mind, user MUST be able to do this from the console (putty shell) on a CentOS system.

i did migrate a Linux box to another datacenter and I had to re-ip the server. The hostname remains the same.  After migration i came to know there was another server which was communicating with the migrated server with ssh keys authentication.  I have ssh-agent running on serverB which should take care the passphrase. ServerA has been migrated and I did re-ip.  

I did remove serverA entry from known_hosts and did handshake again.

now ServerA has the authorized_keys which is exactly the key from ServerB.  

not sure what is the issue here and why I am getting prompt for passphrase ?  Please help

serverB:~/.ssh> ssh ServerA

Enter passphrase for key '/home/appid/.ssh/id_rsa':  

serverB:~/.ssh> ps aux | grep ssh-agent | grep -v grep
appid 9509  0.0  0.0  18540   556 ?        Ss   Mar10   0:00 /usr/bin/ssh-agent
I am trying to add 2 factor authentication on a linux host. It is sending a radius request to
a MS radius server which is somehow connected to MS authenticator app which I have
on my iPhone. I have it working to where if I ssh to the linux host with my AD UID and PW
a message goes to my Authenticator app on the I phone which I confirm. And then I'm in.

BUT - some of my colleagues have Authenticator setup so that they get a PIN rather than
just a confirmation number. Is there a way for SSH to work with this variant of 2factor
authentication with MS Authenticator app?
What's the best way to monitor for UDP syslog traffic coming in from a redhat 4 and redhat 5 syslog clients if it's not arriving at the syslog server. The syslog server is running on a Redhat 6 server. netstat -taulpe | grep syslog is showing that UDP is listening on all IP's on the server but I'd like to see if there is any other way apart from running  tcpdump -i <nic> port 514. Would watch lsof -a -i:514 show it?

Security Bulletin: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed. (CVE-2017-1341 )

what does  IBM MQ and IBM MQ Appliance MQOPEN call means?
does it mean client side or server side?
We have implemented a new ERP system and are using seven Datalogic portable data terminals logging in to a Linux VM using telnet connections over WiFi. The problem I am facing is we only have seven licenses for our handheld units and at times a unit will lose connection and the user has to log back into their telnet session, however their old shell on the VM is orphaned and we cannot log in due to the license restrictions. I have set the units up so I can identify each unit by userid so I can kill the duplicate sessions but it happens enough that managing it this way is not practical as a long term solution.

I know just enough Linux to be dangerous but not enough to accomplish what I would like to do which is when a user HH1 or HH2 or HH3 logs in I would like to kill any existing shells for the user so each handheld is a one to one between the physical unit and the shell on the VM.

Any ideas on how to do this. We use TelNetCE on the units and just telnet and the users have a simple green screen, character based menu driven system.


I'm running CentOS Linux release 7.4.1708 (Core), issue is i'm able to login using local users but not using ldap users, please help me on this.

I've tried restarting services using authconfig-tui command, but still i'm getting authentication failure error for ldap user.

please see the attached doc (ldap issue.docx), and below output commands and let me know if any other details are required.

[root@server01 log]# cat /etc/openldap/ldap.conf
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
[root@server01 log]# getent passwd testuser
[root@server01 log]#

[hubba@servder01 ~]$ su - testuser
su: Authentication failure

[root@server01 log]# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …
I am in the process of standing up a Ubuntu Linux server from a .vhd file.
The existing partitions are too small to handle the backup file thus I need to add extra partition space to the system.
This is a hyper-V hosted system.
I've never done this before. Can someone give me some guidance on what I will need to do?
Initially I was building a new server with 2 Tb of disk space but we decided to use a existing secured version of a .ova file which I converted over to a .vhd file.
Can anyone help me understand what I need to do?
We have more space available, the vhd was set to more than what the original image was configured for.
How can I expand the relevant partitions to take account of this extra available space?
Which partitions should get the extra space?  Opt is where the backups are stored via the main application so that one definitely needs to be expanded.
Filesystem                        Size  Used Avail Use% Mounted on
udev                               16G     0   16G   0% /dev
tmpfs                             3.1G  8.7M  3.1G   1% /run
/dev/mapper/vg00-root              19G  1.4G   17G   8% /
tmpfs                              16G  4.0K   16G   1% /dev/shm
tmpfs                             5.0M     0  5.0M   0% /run/lock
tmpfs                              16G     0   16G   0% /sys/fs/cgroup
/dev/sda1                         464M   58M  382M  14% /boot
/dev/mapper/vg00-opt               76G   76G     0 100% /opt
tmpfs                            …
Expert Spotlight: Joe Anderson (DatabaseMX)
LVL 13
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

I'm looking for a commercial RADIUS solution that Linux Servers can authenticate against. Specifically:

1) Primary purpose is for Linux user authentication
2) Is there any RADIUS solution that can replicate to other RADIUS servers, just like Microsoft Active Directory Servers can replicate to each other? This can even be a one way replication.
3) Preferably this RADIUS solution runs on Linux and not windows.
4) Preferably is a supported RADIUS solution, i.e. paid for product that we can get support on as needed. Unless there is a simple to use free version that doesn't require extensive learning to use.

We have setup OpenVas in our infrastructure. We were able to run it in order to scan assessments reports on VM's within our infrastructure. However the results of the scans is very long and complete. We would like to filter that same report in order to only have results of the High severity reports.

Any idea on what would be the most effective approach to filter the Greenbone scans?
What is pam?  What is ldap?   I know those two are for authentication but still confused. Why system administrators usually configure authentication by pam_ldam.conf. What is the advantage with this.

how to configure pam_ldap in client side to connect solaris ldap server.

Hi, i'm trying to set up PAM Authentication on debian 9: On the first login at boot, i would like for PAM to ask both my password AND my yubikey neo. Once i'm logged in , i would like to only use my yubikey for sudo, screenlock and so on. I would like this to happen for a specific user only, while still being able to login via root with just my root password.
I successfully configured the PAM module for yubikey (auth required mode_challenge-response) but this way, i have to type my psw AND have the yubikey plugged in at EVERY sudo, login, screenlock.

I'm going crazy over this because i'm unable to find decent documentation about this on the web.

Can somebody please provide some help?

I am getting this error message, when I was trying to run rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm on Red Hat Linux 7.4 (Kernel version: 3.10.0-693.1.1.el7.x86_64). Can some one let me know what is problem and what should be the proper procedure to fix it. Here is the output mentioned below,

#rpmbuild --rebuild lin_tape-3.0.23-1.src.rpm
Installing lin_tape-3.0.23-1.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.sCvFVM
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd /root/rpmbuild/BUILD
+ rm -rf lin_tape-3.0.23
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/lin_tape-3.0.23.tgz
+ /usr/bin/tar -xf -
+ '[' 0 -ne 0 ']'
+ cd lin_tape-3.0.23
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.KGligF
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd lin_tape-3.0.23
++ echo x86_64-redhat-linux-gnu
++ cut -f 1 -d -
+ p=x86_64
+ '[' x86_64 == i386 ']'
+ '[' x86_64 == i586 ']'
+ '[' x86_64 == i686 ']'
+ '[' x86_64 == ppc64 ']'
+ '[' x86_64 == powerpc ']'
+ '[' x86_64 == powerpc64 ']'
+ '[' x86_64 == s390 ']'
+ '[' x86_64 == s390x ']'
+ '[' x86_64 == ia64 ']'
+ '[' x86_64 == x86_64 ']'
+ proc=AMD
+ make KERNEL=3.10.0-693.1.1.el7.x86_64 PROC=x86_64 SFMP=0 driver
make: Nothing to be done for `driver'.
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.hQeoFx
+ umask 022
+ cd /root/rpmbuild/BUILD
+ '[' /root/rpmbuild/BUILDROOT/lin_tape-3.0.23-1.x86_64 '!=' / ']'
+ rm -rf …

How to Make The Text Cursor Automatically when i'm on console text ?
I use directly on boot the tty console and desactivate graphical mode.

Thanks for your reply,

someone talk me about : /etc/inittab, or /etc/fstab
But i don't think it's good idea to modify 2 by 5

Linux Security

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Top Experts In
Linux Security